modify check_wireguard, add initial check_openwrt_bssid

This commit is contained in:
Cyberes 2023-11-12 10:27:23 -07:00
parent 468e17cea5
commit 5da60a5415
3 changed files with 33 additions and 190 deletions

View File

@ -1,185 +0,0 @@
#!/usr/bin/env bash
# Define the usage message
usage() {
echo "Usage: $0 -u <url> [-w <warning>] [-c <critical>] [-C <contains>] [-L] [-I] [-H <headers>] [-p] [-R] [-s]"
echo "[Arguments]:
-u Specify the URL to check (required).
-w Set the warn level for response time (default: 1 second).
-c Set the critical level for response time (default: 2 seconds).
-C If the body does not contain this string, return CRITICAL.
-L Follow redirects.
-I Insecure mode (--insecure).
-H Specify headers. Formatted like \"Header1: value,Header2: value\"
-p Print the curl command and exit
-R Set curl --resolve option.
-s Ignore the response status code."
exit 3
}
# Parse the command-line arguments
while getopts "u:w:c:C:H:R:LhIps" opt; do
case $opt in
u)
URL=$OPTARG
;;
w)
WARNING_LEVEL=$OPTARG
;;
c)
CRITICAL_LEVEL=$OPTARG
;;
L)
FOLLOW_REDIRECTS="-L"
;;
C)
CONTAINS=$OPTARG
;;
I)
INSECURE="--insecure"
;;
H)
HEADERS=$OPTARG
;;
p)
PRINT_ONLY=true
;;
R)
RESOLVE="--resolve $OPTARG"
;;
s)
IGNORE_STATUS_CODE=true
;;
h)
usage
;;
*)
usage
;;
esac
done
WARNING_LEVEL=${WARNING_LEVEL:-1}
CRITICAL_LEVEL=${CRITICAL_LEVEL:-2}
#FOLLOW_REDIRECTS=${FOLLOW_REDIRECTS:-""}
PRINT_ONLY=${PRINT_ONLY:-false}
IGNORE_STATUS_CODE=${IGNORE_STATUS_CODE:-false}
if [ -z "$URL" ]; then
usage
fi
HEADER_ARGS=""
IFS=',' read -ra values <<<"$HEADERS"
for value in "${values[@]}"; do
HEADER_ARGS+=' -H "'$value'" '
done
TMP_ERROR_LOG=$(mktemp)
TMP_RESPONSE=$(mktemp)
if $PRINT_ONLY; then
printf "%s" "curl --output \"$TMP_RESPONSE\" -s -w \"%{http_code}\n%{time_total}\" $(echo "${HEADER_ARGS[@]}" | tr -s ' ') $FOLLOW_REDIRECTS $INSECURE $RESOLVE $URL\n"
exit 3
fi
RESPONSE=$(curl --output "$TMP_RESPONSE" -w "%{http_code}\n%{time_total}" $(echo "${HEADER_ARGS[@]}" | tr -s ' ') $FOLLOW_REDIRECTS $INSECURE $RESOLVE $URL 2>"$TMP_ERROR_LOG")
# shellcheck disable=SC2181
status=$?
if [ $status -ne 0 ]; then
case $status in
1)
msg="CRITICAL: Unsupported protocol"
;;
3)
msg="CRITICAL: Malformed URL $URL"
;;
# 5)
# msg="CRITICAL: Could not resolve proxy $proxy"
# ;;
6)
msg="CRITICAL: Could not resolve host $URL"
;;
7)
msg="CRITICAL: Could not connect to host (7)"
;;
22)
msg="CRITICAL: Server returned http code >= 400"
;;
52)
msg="CRITICAL: Server returned empty response (52)"
;;
56)
msg="CRITICAL: Failure recieving network data (56)"
;;
60)
msg="CRITICAL: SSL/TLS connection problem (60)"
;;
*)
echo "UNKNOWN: $status - $URL"
exit 3
;;
esac
echo -e "$msg"
# echo "Error log:"
# cat "$TMP_ERROR_LOG"
rm -rf "$TMP_ERROR_LOG"
exit 2
fi
rm -rf "$TMP_ERROR_LOG"
RESPONSE_CODE=$(echo "$RESPONSE" | head -n 1)
RESPONSE_TIME=$(printf "%.3f" $(echo "$RESPONSE" | tail -n 1))
OUTPUT_MSG=""
OUTPUT_CODE=0
if ([ $RESPONSE_CODE -eq 200 ] || $IGNORE_STATUS_CODE) && [ "$(echo "$RESPONSE_TIME < $CRITICAL_LEVEL" | bc -l)" -eq 1 ]; then
OUTPUT_MSG="OK: ${RESPONSE_TIME}s - $URL"
OUTPUT_CODE=0
elif ([ $RESPONSE_CODE -eq 200 ] || $IGNORE_STATUS_CODE) && [ "$(echo "$RESPONSE_TIME < $WARNING_LEVEL" | bc -l)" -eq 1 ]; then
OUTPUT_MSG="WARNING: response time is slow ($RESPONSE_TIME seconds)."
OUTPUT_CODE=1
elif ([ $RESPONSE_CODE -eq 200 ] || $IGNORE_STATUS_CODE); then
OUTPUT_MSG"CRITICAL: response time is very slow ($RESPONSE_TIME seconds)."
OUTPUT_CODE=2
else
OUTPUT_MSG="CRITICAL: website did not return 200, response was $RESPONSE_CODE code."
OUTPUT_CODE=2
fi
if [[ -n ${CONTAINS+x} ]]; then
if ! grep -q "$CONTAINS" "$TMP_RESPONSE"; then
OUTPUT_MSG+="\nCRITICAL: response did not contain required string!\nFound: $(cat "$TMP_RESPONSE")"
OUTPUT_CODE=2
# else
# OUTPUT_MSG+="\nOK: response contained required string."
fi
fi
rm -rf "$TMP_RESPONSE"
if $IGNORE_STATUS_CODE && [[ $RESPONSE_CODE -ne 200 ]]; then
OUTPUT_MSG+="\nResponse code was $RESPONSE_CODE."
fi
OUTPUT_MSG+=" | response_time=${RESPONSE_TIME}s;$WARNING_LEVEL;$CRITICAL_LEVEL;0"
case $OUTPUT_CODE in
#0)
# echo "OK: $URL"
# ;;
1)
echo "WARNING: $URL"
;;
2)
echo "CRITICAL: $URL"
;;
3)
echo "UNKNOWN: $URL"
;;
esac
echo -e "$OUTPUT_MSG"
exit $OUTPUT_CODE

28
check_openwrt_bssid.py Normal file
View File

@ -0,0 +1,28 @@
import paramiko
def check_bssid():
hostname = 'hostname'
username = 'username'
password = 'password'
specific_bssid = 'specific_bssid'
command = 'iw wlan0 scan | grep BSS'
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(hostname, username=username, password=password)
stdin, stdout, stderr = ssh.exec_command(command)
output = stdout.readlines()
for line in output:
if specific_bssid in line:
print(f'BSSID {specific_bssid} is present.')
return True
print(f'BSSID {specific_bssid} is not present.')
return False
check_bssid()

View File

@ -61,18 +61,18 @@ if ! command -v wg-quick &>/dev/null; then
fi fi
function cleanup { function cleanup {
wg-quick down $WG_INTERFACE >/dev/null 2>&1 wg-quick down "$WG_INTERFACE" >/dev/null 2>&1
} }
trap cleanup EXIT trap cleanup EXIT
# Try to establish a connection # Try to establish a connection
WG_UP_OUTPUT=$(wg-quick up $WG_INTERFACE 2>&1) WG_UP_OUTPUT=$(wg-quick up "$WG_INTERFACE" 2>&1)
# Check if the connection was successful # Check if the connection was successful
WG_STATUS=$(wg show) WG_STATUS=$(wg show)
if [ -z "$WG_STATUS" ]; then if [ -z "$WG_STATUS" ]; then
wg-quick down $WG_INTERFACE >/dev/null 2>&1 # be extra careful wg-quick down "$WG_INTERFACE" >/dev/null 2>&1 # be extra careful
echo "CRITICAL - Unable to establish a connection to the Wireguard server. Output from wg-quick up:" echo "CRITICAL - Unable to establish a connection to the Wireguard server. Output from wg-quick up:"
echo "$WG_UP_OUTPUT" echo "$WG_UP_OUTPUT"
exit 2 exit 2
@ -102,7 +102,7 @@ ELAPSED_TIME=$(echo "scale=2; $ELAPSED_TIME/1000000000" | bc)
ELAPSED_TIME=$(printf "%0.2f" $ELAPSED_TIME) ELAPSED_TIME=$(printf "%0.2f" $ELAPSED_TIME)
# Count peers # Count peers
PEER_COUNT=$(wg show $WG_INTERFACE peers | wc -l) PEER_COUNT=$(wg show "$WG_INTERFACE" peers | wc -l)
# Check if elapsed time exceeds warning or critical levels # Check if elapsed time exceeds warning or critical levels
if (($(echo "$ELAPSED_TIME > $CRITICAL_LEVEL" | bc -l))); then if (($(echo "$ELAPSED_TIME > $CRITICAL_LEVEL" | bc -l))); then
@ -114,7 +114,7 @@ elif (($(echo "$ELAPSED_TIME > $WARNING_LEVEL" | bc -l))); then
fi fi
# Close connection # Close connection
wg-quick down $WG_INTERFACE >/dev/null 2>&1 wg-quick down "$WG_INTERFACE" >/dev/null 2>&1
# Output metrics # Output metrics
echo "OK - connection to the Wireguard server was established | time=${ELAPSED_TIME}s;${WARNING_LEVEL};${CRITICAL_LEVEL};0;${CRITICAL_LEVEL} peers=${PEER_COUNT};;0;" echo "OK - connection to the Wireguard server was established | time=${ELAPSED_TIME}s;${WARNING_LEVEL};${CRITICAL_LEVEL};0;${CRITICAL_LEVEL} peers=${PEER_COUNT};;0;"