From 8dd46c6d3d13abcea0d8398fa394b7ce67b4139a Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sat, 26 Jun 2010 11:59:23 +0200 Subject: [PATCH] dsa-check-zone-rrsig-expiration-many: also allow checking of geozones --- .../dsa-check-zone-rrsig-expiration-many | 68 +++++++++++++------ dsa-nagios-checks/debian/changelog | 3 +- 2 files changed, 49 insertions(+), 22 deletions(-) diff --git a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many index 7e20730..15305dd 100755 --- a/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many +++ b/dsa-nagios-checks/checks/dsa-check-zone-rrsig-expiration-many @@ -26,6 +26,8 @@ use warnings; use English; use Getopt::Long; use FindBin qw($Bin); +use YAML; +use File::Basename; my $CHECK = $Bin.'/dsa-check-zone-rrsig-expiration'; @@ -57,13 +59,14 @@ sub convert_time { return $ticks; } -my $USAGE = "Usage: $PROGRAM_NAME [--help] | [--warn=] [--critical=] \n"; +my $USAGE = "Usage: $PROGRAM_NAME [--help] | [--warn=] [--critical=] [--geozonedir=] \n"; my $params = { 'warn' => '14d', 'critical' => '7d' }; Getopt::Long::config('bundling'); GetOptions ( '--help' => \$params->{'help'}, '--warn=s' => \$params->{'warn'}, '--critical=s' => \$params->{'critical'}, + '--geozonedir=s' => \$params->{'geozonedir'}, ) or die ($USAGE); if ($params->{'help'}) { print $USAGE; @@ -73,19 +76,6 @@ die ($USAGE) unless (scalar @ARGV == 1); my $INDIR = shift; -my @zones; -chdir $INDIR or die "chdir $INDIR failed? $!\n"; -opendir INDIR, $INDIR or die ("Cannot opendir $INDIR\n"); -for my $file (readdir INDIR) { - next if ( -l "$file" ); - next unless ( -f "$file" ); - next if $file =~ /^(dsset|keyset)-/; - - push @zones, $file; -} -closedir(INDIR); - - my $count = { 'ok' => [], 'warn' => [], @@ -94,21 +84,57 @@ my $count = 'unsigned' => [], }; -my @details; -for my $zone (sort {$a cmp $b} @zones) { +my @dnsseczones; +# load list of classic zones that will do DNSSEC +chdir $INDIR or die "chdir $INDIR failed? $!\n"; +opendir INDIR, '.' or die ("Cannot opendir $INDIR\n"); +for my $file (sort {$a cmp $b} (readdir INDIR)) { + next if ( -l "$file" ); + next unless ( -f "$file" ); + next if $file =~ /^(dsset|keyset)-/; + my $do_dnssec = 0; - open(F, '<', $zone) or die ("Cannot open $zone: $!\n"); + open(F, '<', $file) or die ("Cannot open $file: $!\n"); for () { - if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; } + if (/^; wzf:\s*dnssec\s*=\s*1\s*$/) { $do_dnssec = 1; last; } }; close F; - unless ($do_dnssec) { - push @{$count->{'unsigned'}}, $zone; - next; + if ($do_dnssec) { + push @dnsseczones, $file; + } else { + push @{$count->{'unsigned'}}, $file; }; +} +closedir(INDIR); + +# load list of geodns zones that will do DNSSEC +if (defined $params->{'geozonedir'}) { + chdir $params->{'geozonedir'} or die "chdir $params->{'geozonedir'} failed? $!\n"; + opendir INDIR, '.' or die ("Cannot opendir $params->{'geozonedir'}\n"); + for my $file (sort {$a cmp $b} (readdir INDIR)) { + next unless $file =~ /\.zone$/; + + open (F, '<', $file) or die "Cannot open $file: $!\n"; + my ($zc, undef, undef) = Load(join "", ()); + close F; + + my $zone = basename($file, '.zone'); + + if ($zc->{'dnssec'}) { + push @dnsseczones, $zone; + } else { + push @{$count->{'unsigned'}}, $zone; + }; + } + closedir(INDIR); +} + + +my @details; +for my $zone (sort {$a cmp $b} @dnsseczones) { open(P, '-|', ($CHECK, '-w', $params->{'warn'}, '-c', $params->{'critical'}, $zone)) or die ("Cannot run $CHECK for $zone\n"); my @p =

; diff --git a/dsa-nagios-checks/debian/changelog b/dsa-nagios-checks/debian/changelog index d401d02..83c197c 100644 --- a/dsa-nagios-checks/debian/changelog +++ b/dsa-nagios-checks/debian/changelog @@ -13,8 +13,9 @@ dsa-nagios-checks (8X) unstable; urgency=low * Add checks/dsa-check-backuppg. * dsa-check-mirrorsync: optionally allow some skew over mirror timestamps. * Add dsa-check-log-age-loghost. + * dsa-check-zone-rrsig-expiration-many: also allow checking of geozones. - -- Peter Palfrader Mon, 21 Jun 2010 13:37:03 +0200 + -- Peter Palfrader Sat, 26 Jun 2010 11:59:05 +0200 dsa-nagios-checks (86) unstable; urgency=low -- 2.20.1