source: trunk/scripts/check_samhain.pl.in@ 225

Last change on this file since 225 was 1, checked in by katerina, 19 years ago

Initial import

File size: 5.8 KB
Line 
1#!/usr/bin/perl -w
2
3# check_samhain.pl - check to see how many policy violations are reported
4# by the samhain file integrity checker.
5#
6# Copyright Rainer Wichmann (2004)
7#
8# License Information:
9# This program is free software; you can redistribute it and/or modify
10# it under the terms of the GNU General Public License as published by
11# the Free Software Foundation; either version 2 of the License, or
12# (at your option) any later version.
13#
14# This program is distributed in the hope that it will be useful,
15# but WITHOUT ANY WARRANTY; without even the implied warranty of
16# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17# GNU General Public License for more details.
18#
19# You should have received a copy of the GNU General Public License
20# along with this program; if not, write to the Free Software
21# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22#
23############################################################################
24
25# -------------------------------------------------------------------[ Uses ]--
26
27use strict;
28use Getopt::Long;
29use vars qw($PROGNAME $SAMHAIN $opt_V $opt_h $opt_v $verbose $opt_w $opt_c $opt_t $status $msg $state $retval);
30use lib utils.pm;
31use utils qw(%ERRORS &print_revision);
32
33#my $TIMEOUT = 15;
34#my %ERRORS=('OK'=>0,'WARNING'=>1,'CRITICAL'=>2,'UNKNOWN'=>3,'DEPENDENT'=>4);
35#sub print_revision ($$);
36
37# ----------------------------------------------------[ Function Prototypes ]--
38
39sub print_help ();
40sub print_usage ();
41sub process_arguments ();
42
43# ------------------------------------------------------------[ Environment ]--
44
45$ENV{'PATH'}='';
46$ENV{'BASH_ENV'}='';
47$ENV{'ENV'}='';
48
49# -----------------------------------------------------------------[ Global ]--
50
51$PROGNAME = "check_samhain";
52$SAMHAIN = "@sbindir@/@install_name@";
53
54# ----------------------------------------------------------------[ options ]--
55
56Getopt::Long::Configure('bundling');
57$status = process_arguments();
58if ($status){
59 print "ERROR: processing arguments\n";
60 exit $ERRORS{"UNKNOWN"};
61}
62
63# ----------------------------------------------------------------[ timeout ]--
64
65$SIG{'ALRM'} = sub {
66 print ("ERROR: timed out waiting for $SAMHAIN\n");
67 exit $ERRORS{"WARNING"};
68};
69alarm($opt_t);
70
71# ----------------------------------------------------------[ start samhain ]--
72
73if ( defined $SAMHAIN && -x $SAMHAIN ) {
74 if (! open (SHPIPE, "$SAMHAIN -t check --foreground -p err -s none -l none -m none 2>&1 | " ) ) {
75 print "ERROR: could not popen $SAMHAIN \n";
76 exit $ERRORS{'UNKNOWN'};
77 }
78}else{
79 print "ERROR: Could not find samhain executable!\n";
80 exit $ERRORS{'UNKNOWN'};
81}
82
83# ---------------------------------------------------------[ read from pipe ]--
84
85$status = 0;
86
87while (<SHPIPE>) {
88 if (/POLICY/) {
89 ++$status;
90 print $_ if $verbose;
91 }
92}
93
94if ($status < $opt_w) {
95 $msg = "OK: $status policy violations (threshold $opt_w/$opt_c)";
96 $state = $ERRORS{'OK'};
97} elsif ($status >= $opt_w && $status < $opt_c) {
98 $msg = "WARNING: $status policy violations (threshold w=$opt_w)";
99 $state = $ERRORS{'WARNING'};
100} else {
101 $msg = "CRITICAL: $status policy violations (threshold w=$opt_w)";
102 $state = $ERRORS{'CRITICAL'};
103}
104
105# -------------------------------------------------------------[ close pipe ]--
106
107close (SHPIPE);
108
109# declare an error if we also get a non-zero return code from samhain
110
111if ( $? ) {
112 $retval = $? / 256;
113 if ( $! ) {
114 print "Error closing $SAMHAIN: $!\n" if $verbose;
115 } else {
116 print "$SAMHAIN returned exit status $retval\n" if $verbose;
117 }
118 if ($state == $ERRORS{"CRITICAL"}) {
119 $state = $ERRORS{"CRITICAL"};
120 } else {
121 print "ERROR: $SAMHAIN exit status $retval\n";
122 exit $ERRORS{'UNKNOWN'};
123 }
124}
125
126# -------------------------------------------------------------------[ exit ]--
127
128print "$msg | 'policy violations'=$status;$opt_w;$opt_c\n";
129exit $state;
130
131
132# ------------------------------------------------------------[ Subroutines ]--
133
134sub process_arguments(){
135 GetOptions
136 ("V" => \$opt_V, "version" => \$opt_V,
137 "h" => \$opt_h, "help" => \$opt_h,
138 "v" => \$opt_v, "verbose" => \$opt_v,
139 "w=i" => \$opt_w, "warning=i" => \$opt_w,
140 "c=i" => \$opt_c, "critical=i" => \$opt_c,
141 "t=i" => \$opt_t, "timeout=i" => \$opt_t
142 );
143
144 if ($opt_V) {
145 print_revision($PROGNAME,'$Revision: 1.0 $ ');
146 exit $ERRORS{'OK'};
147 }
148
149 if ($opt_h) {
150 print_help();
151 exit $ERRORS{'OK'};
152 }
153
154 if (defined $opt_v ){
155 $verbose = $opt_v;
156 }
157
158 unless (defined $opt_t) {
159 $opt_t = $utils::TIMEOUT ; # default timeout
160 # $opt_t = $TIMEOUT ;
161 }
162
163 unless (defined $opt_w) {
164 $opt_w = 1;
165 }
166
167 unless (defined $opt_c) {
168 $opt_c = 1;
169 }
170
171 if ( $opt_w > $opt_c) {
172 print "Warning cannot be greater than Critical!\n";
173 exit $ERRORS{'UNKNOWN'};
174 }
175
176 return $ERRORS{'OK'};
177}
178
179sub print_usage () {
180 print "Usage: $PROGNAME [-w <warn>] [-c <crit>] [-t <timeout>]\n";
181}
182
183sub print_help () {
184 print_revision($PROGNAME, '$Revision: 1.0 $');
185 print "Copyright (c) 2004 Rainer Wichmann
186
187This plugin checks the number of policy violations reported by the
188samhain file intgrity checker
189
190";
191 print_usage();
192 print "
193-w, --warning=INTEGER
194 Minimum number of policy violations for which a WARNING status will result
195-c, --critical=INTEGER
196 Minimum number of policy violations for which a CRITICAL status will result
197-t, --timeout=SECONDS
198 The number of seconds after which a the plugin will timeout
199-v, --verbose
200 Verbose output
201-h, --help
202 Show this help message
203-V, --version
204 Show the version of the plugin
205
206";
207}
208
209#sub print_revision ($$) {
210# my $commandName = shift;
211# my $pluginRevision = shift;
212# $pluginRevision =~ s/^\$Revision: //;
213# $pluginRevision =~ s/ \$\s*$//;
214# print "$commandName (@PACKAGE@ @VERSION@) $pluginRevision\n";
215#}
Note: See TracBrowser for help on using the repository browser.