#!/usr/bin/perl use strict; use Getopt::Long; use vars qw($opt_V $opt_h $opt_P $opt_H $opt_w $opt_c $PROGNAME); use lib "/usr/local/nagios/libexec" ; use utils qw(%ERRORS &print_revision &support &usage); my $remote_user = "root"; my $path_to_ssh = "/usr/bin/ssh"; my $path_to_grep = "/usr/bin/grep"; my $path_to_awk = "/usr/bin/awk"; my $warn = 50000; my $crit = 60000; $PROGNAME = "check_pfstate"; $ENV{'PATH'}=''; $ENV{'BASH_ENV'}=''; $ENV{'ENV'}=''; Getopt::Long::Configure('bundling'); GetOptions ("V" => \$opt_V, "version" => \$opt_V, "h" => \$opt_h, "help" => \$opt_h, "H=s" => \$opt_H, "hostname=s" => \$opt_H, "w=s" => \$opt_w, "warning=s" => \$opt_w, "c=s" => \$opt_c, "critical=s" => \$opt_c); if ($opt_V) { print_revision($PROGNAME,'$Revision: 1112 $'); exit $ERRORS{'OK'}; } if ($opt_h) { print_help(); exit $ERRORS{'OK'}; } if ($opt_w) { if ($opt_w =~ /(\d+)/) { $warn = $1; } else { usage("Invalid values: $opt_w\n"); exit $ERRORS{'OK'}; } } if ($opt_c) { if ($opt_c =~ /(\d+)/) { $crit = $1; } else { usage("Invalid values: $opt_c\n"); exit $ERRORS{'OK'}; } } ($opt_H) || usage("Host name/address not specified\n"); my $host = $1 if ($opt_H =~ /([-.A-Za-z0-9]+)/); ($host) || usage("Invalid host: $opt_H\n"); my $result = `$path_to_ssh -l $remote_user $host '/sbin/pfctl -s info' | $path_to_grep entries`; chomp $result; $result =~ /(\d+)/; $result = $1; print "$result PF state entries\n"; exit $ERRORS{'CRITICAL'} if ($result >= $crit); exit $ERRORS{'WARNING'} if ($result >= $warn); exit $ERRORS{'OK'}; sub print_help { print_revision($PROGNAME,'$Revision: 1112 $'); print "Copyright (c) 2002 Jason Dixon\n\nThis plugin checks the number of state table entries on a PF-enabled OpenBSD system.\n\n"; print "Usage:\t-H, --hostname= [-w, --warning=] [-c, --critical=]\n\n\tDefault warning is 50000 and critical is 60000.\n\n"; support(); }