modify check_wireguard, add initial check_openwrt_bssid
This commit is contained in:
parent
468e17cea5
commit
5da60a5415
|
|
@ -1,185 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
# Define the usage message
|
||||
usage() {
|
||||
echo "Usage: $0 -u <url> [-w <warning>] [-c <critical>] [-C <contains>] [-L] [-I] [-H <headers>] [-p] [-R] [-s]"
|
||||
echo "[Arguments]:
|
||||
-u Specify the URL to check (required).
|
||||
-w Set the warn level for response time (default: 1 second).
|
||||
-c Set the critical level for response time (default: 2 seconds).
|
||||
-C If the body does not contain this string, return CRITICAL.
|
||||
-L Follow redirects.
|
||||
-I Insecure mode (--insecure).
|
||||
-H Specify headers. Formatted like \"Header1: value,Header2: value\"
|
||||
-p Print the curl command and exit
|
||||
-R Set curl --resolve option.
|
||||
-s Ignore the response status code."
|
||||
exit 3
|
||||
}
|
||||
|
||||
# Parse the command-line arguments
|
||||
while getopts "u:w:c:C:H:R:LhIps" opt; do
|
||||
case $opt in
|
||||
u)
|
||||
URL=$OPTARG
|
||||
;;
|
||||
w)
|
||||
WARNING_LEVEL=$OPTARG
|
||||
;;
|
||||
c)
|
||||
CRITICAL_LEVEL=$OPTARG
|
||||
;;
|
||||
L)
|
||||
FOLLOW_REDIRECTS="-L"
|
||||
;;
|
||||
C)
|
||||
CONTAINS=$OPTARG
|
||||
;;
|
||||
I)
|
||||
INSECURE="--insecure"
|
||||
;;
|
||||
H)
|
||||
HEADERS=$OPTARG
|
||||
;;
|
||||
p)
|
||||
PRINT_ONLY=true
|
||||
;;
|
||||
R)
|
||||
RESOLVE="--resolve $OPTARG"
|
||||
;;
|
||||
s)
|
||||
IGNORE_STATUS_CODE=true
|
||||
;;
|
||||
h)
|
||||
usage
|
||||
;;
|
||||
*)
|
||||
usage
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
WARNING_LEVEL=${WARNING_LEVEL:-1}
|
||||
CRITICAL_LEVEL=${CRITICAL_LEVEL:-2}
|
||||
#FOLLOW_REDIRECTS=${FOLLOW_REDIRECTS:-""}
|
||||
PRINT_ONLY=${PRINT_ONLY:-false}
|
||||
IGNORE_STATUS_CODE=${IGNORE_STATUS_CODE:-false}
|
||||
|
||||
if [ -z "$URL" ]; then
|
||||
usage
|
||||
fi
|
||||
|
||||
HEADER_ARGS=""
|
||||
IFS=',' read -ra values <<<"$HEADERS"
|
||||
for value in "${values[@]}"; do
|
||||
HEADER_ARGS+=' -H "'$value'" '
|
||||
done
|
||||
|
||||
TMP_ERROR_LOG=$(mktemp)
|
||||
TMP_RESPONSE=$(mktemp)
|
||||
|
||||
if $PRINT_ONLY; then
|
||||
printf "%s" "curl --output \"$TMP_RESPONSE\" -s -w \"%{http_code}\n%{time_total}\" $(echo "${HEADER_ARGS[@]}" | tr -s ' ') $FOLLOW_REDIRECTS $INSECURE $RESOLVE $URL\n"
|
||||
exit 3
|
||||
fi
|
||||
|
||||
RESPONSE=$(curl --output "$TMP_RESPONSE" -w "%{http_code}\n%{time_total}" $(echo "${HEADER_ARGS[@]}" | tr -s ' ') $FOLLOW_REDIRECTS $INSECURE $RESOLVE $URL 2>"$TMP_ERROR_LOG")
|
||||
|
||||
# shellcheck disable=SC2181
|
||||
status=$?
|
||||
if [ $status -ne 0 ]; then
|
||||
case $status in
|
||||
1)
|
||||
msg="CRITICAL: Unsupported protocol"
|
||||
;;
|
||||
3)
|
||||
msg="CRITICAL: Malformed URL $URL"
|
||||
;;
|
||||
# 5)
|
||||
# msg="CRITICAL: Could not resolve proxy $proxy"
|
||||
# ;;
|
||||
6)
|
||||
msg="CRITICAL: Could not resolve host $URL"
|
||||
;;
|
||||
7)
|
||||
msg="CRITICAL: Could not connect to host (7)"
|
||||
;;
|
||||
22)
|
||||
msg="CRITICAL: Server returned http code >= 400"
|
||||
;;
|
||||
52)
|
||||
msg="CRITICAL: Server returned empty response (52)"
|
||||
;;
|
||||
56)
|
||||
msg="CRITICAL: Failure recieving network data (56)"
|
||||
;;
|
||||
60)
|
||||
msg="CRITICAL: SSL/TLS connection problem (60)"
|
||||
;;
|
||||
*)
|
||||
echo "UNKNOWN: $status - $URL"
|
||||
exit 3
|
||||
;;
|
||||
esac
|
||||
|
||||
echo -e "$msg"
|
||||
# echo "Error log:"
|
||||
# cat "$TMP_ERROR_LOG"
|
||||
rm -rf "$TMP_ERROR_LOG"
|
||||
exit 2
|
||||
fi
|
||||
rm -rf "$TMP_ERROR_LOG"
|
||||
|
||||
RESPONSE_CODE=$(echo "$RESPONSE" | head -n 1)
|
||||
RESPONSE_TIME=$(printf "%.3f" $(echo "$RESPONSE" | tail -n 1))
|
||||
|
||||
OUTPUT_MSG=""
|
||||
OUTPUT_CODE=0
|
||||
|
||||
if ([ $RESPONSE_CODE -eq 200 ] || $IGNORE_STATUS_CODE) && [ "$(echo "$RESPONSE_TIME < $CRITICAL_LEVEL" | bc -l)" -eq 1 ]; then
|
||||
OUTPUT_MSG="OK: ${RESPONSE_TIME}s - $URL"
|
||||
OUTPUT_CODE=0
|
||||
elif ([ $RESPONSE_CODE -eq 200 ] || $IGNORE_STATUS_CODE) && [ "$(echo "$RESPONSE_TIME < $WARNING_LEVEL" | bc -l)" -eq 1 ]; then
|
||||
OUTPUT_MSG="WARNING: response time is slow ($RESPONSE_TIME seconds)."
|
||||
OUTPUT_CODE=1
|
||||
elif ([ $RESPONSE_CODE -eq 200 ] || $IGNORE_STATUS_CODE); then
|
||||
OUTPUT_MSG"CRITICAL: response time is very slow ($RESPONSE_TIME seconds)."
|
||||
OUTPUT_CODE=2
|
||||
else
|
||||
OUTPUT_MSG="CRITICAL: website did not return 200, response was $RESPONSE_CODE code."
|
||||
OUTPUT_CODE=2
|
||||
fi
|
||||
|
||||
if [[ -n ${CONTAINS+x} ]]; then
|
||||
if ! grep -q "$CONTAINS" "$TMP_RESPONSE"; then
|
||||
OUTPUT_MSG+="\nCRITICAL: response did not contain required string!\nFound: $(cat "$TMP_RESPONSE")"
|
||||
OUTPUT_CODE=2
|
||||
# else
|
||||
# OUTPUT_MSG+="\nOK: response contained required string."
|
||||
fi
|
||||
fi
|
||||
rm -rf "$TMP_RESPONSE"
|
||||
|
||||
if $IGNORE_STATUS_CODE && [[ $RESPONSE_CODE -ne 200 ]]; then
|
||||
OUTPUT_MSG+="\nResponse code was $RESPONSE_CODE."
|
||||
fi
|
||||
|
||||
OUTPUT_MSG+=" | response_time=${RESPONSE_TIME}s;$WARNING_LEVEL;$CRITICAL_LEVEL;0"
|
||||
|
||||
case $OUTPUT_CODE in
|
||||
#0)
|
||||
# echo "OK: $URL"
|
||||
# ;;
|
||||
1)
|
||||
echo "WARNING: $URL"
|
||||
;;
|
||||
2)
|
||||
echo "CRITICAL: $URL"
|
||||
;;
|
||||
3)
|
||||
echo "UNKNOWN: $URL"
|
||||
;;
|
||||
esac
|
||||
|
||||
echo -e "$OUTPUT_MSG"
|
||||
exit $OUTPUT_CODE
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
import paramiko
|
||||
|
||||
|
||||
def check_bssid():
|
||||
hostname = 'hostname'
|
||||
username = 'username'
|
||||
password = 'password'
|
||||
specific_bssid = 'specific_bssid'
|
||||
|
||||
command = 'iw wlan0 scan | grep BSS'
|
||||
|
||||
ssh = paramiko.SSHClient()
|
||||
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
|
||||
ssh.connect(hostname, username=username, password=password)
|
||||
|
||||
stdin, stdout, stderr = ssh.exec_command(command)
|
||||
output = stdout.readlines()
|
||||
|
||||
for line in output:
|
||||
if specific_bssid in line:
|
||||
print(f'BSSID {specific_bssid} is present.')
|
||||
return True
|
||||
|
||||
print(f'BSSID {specific_bssid} is not present.')
|
||||
return False
|
||||
|
||||
|
||||
check_bssid()
|
||||
|
|
@ -61,18 +61,18 @@ if ! command -v wg-quick &>/dev/null; then
|
|||
fi
|
||||
|
||||
function cleanup {
|
||||
wg-quick down $WG_INTERFACE >/dev/null 2>&1
|
||||
wg-quick down "$WG_INTERFACE" >/dev/null 2>&1
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
# Try to establish a connection
|
||||
WG_UP_OUTPUT=$(wg-quick up $WG_INTERFACE 2>&1)
|
||||
WG_UP_OUTPUT=$(wg-quick up "$WG_INTERFACE" 2>&1)
|
||||
|
||||
# Check if the connection was successful
|
||||
WG_STATUS=$(wg show)
|
||||
|
||||
if [ -z "$WG_STATUS" ]; then
|
||||
wg-quick down $WG_INTERFACE >/dev/null 2>&1 # be extra careful
|
||||
wg-quick down "$WG_INTERFACE" >/dev/null 2>&1 # be extra careful
|
||||
echo "CRITICAL - Unable to establish a connection to the Wireguard server. Output from wg-quick up:"
|
||||
echo "$WG_UP_OUTPUT"
|
||||
exit 2
|
||||
|
|
@ -102,7 +102,7 @@ ELAPSED_TIME=$(echo "scale=2; $ELAPSED_TIME/1000000000" | bc)
|
|||
ELAPSED_TIME=$(printf "%0.2f" $ELAPSED_TIME)
|
||||
|
||||
# Count peers
|
||||
PEER_COUNT=$(wg show $WG_INTERFACE peers | wc -l)
|
||||
PEER_COUNT=$(wg show "$WG_INTERFACE" peers | wc -l)
|
||||
|
||||
# Check if elapsed time exceeds warning or critical levels
|
||||
if (($(echo "$ELAPSED_TIME > $CRITICAL_LEVEL" | bc -l))); then
|
||||
|
|
@ -114,7 +114,7 @@ elif (($(echo "$ELAPSED_TIME > $WARNING_LEVEL" | bc -l))); then
|
|||
fi
|
||||
|
||||
# Close connection
|
||||
wg-quick down $WG_INTERFACE >/dev/null 2>&1
|
||||
wg-quick down "$WG_INTERFACE" >/dev/null 2>&1
|
||||
|
||||
# Output metrics
|
||||
echo "OK - connection to the Wireguard server was established | time=${ELAPSED_TIME}s;${WARNING_LEVEL};${CRITICAL_LEVEL};0;${CRITICAL_LEVEL} peers=${PEER_COUNT};;0;"
|
||||
|
|
|
|||
Loading…
Reference in New Issue