diff options
author | Sven Nierlein <sven@nierlein.de> | 2017-03-10 21:23:40 (GMT) |
---|---|---|
committer | Sven Nierlein <sven@nierlein.de> | 2017-03-12 21:55:52 (GMT) |
commit | 0cff5f2d93b1359ab10949aa119527a1e4e6eb35 (patch) | |
tree | 82e804ad6e7b64ab03365ab4433d829bf911b21f | |
parent | d721efc10b35071b85ca98a9338e3981ce36a9ab (diff) | |
download | monitoring-plugins-0cff5f2d93b1359ab10949aa119527a1e4e6eb35.tar.gz |
remove hardcoded verisign.com tests
and make it configurable
Signed-off-by: Sven Nierlein <sven@nierlein.de>
-rw-r--r-- | .travis.yml | 8 | ||||
-rw-r--r-- | plugins/t/NPTest.cache.travis | 2 | ||||
-rw-r--r-- | plugins/t/check_http.t | 69 | ||||
-rw-r--r-- | plugins/t/check_tcp.t | 11 |
4 files changed, 54 insertions, 36 deletions
diff --git a/.travis.yml b/.travis.yml index d68490c..2150c21 100644 --- a/.travis.yml +++ b/.travis.yml | |||
@@ -49,13 +49,18 @@ before_install: | |||
49 | install: | 49 | install: |
50 | - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libradcli-dev libkrb5-dev libnet-snmp-perl procps | 50 | - sudo apt-get install -qq --no-install-recommends perl autotools-dev libdbi-dev libldap2-dev libpq-dev libmysqlclient-dev libradcli-dev libkrb5-dev libnet-snmp-perl procps |
51 | - sudo apt-get install -qq --no-install-recommends libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd | 51 | - sudo apt-get install -qq --no-install-recommends libdbi0-dev libdbd-sqlite3 libssl-dev dnsutils snmp-mibs-downloader libsnmp-perl snmpd |
52 | - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 postfix libhttp-daemon-ssl-perl | 52 | - sudo apt-get install -qq --no-install-recommends fping snmp netcat smbclient fping pure-ftpd apache2 ssl-cert postfix libhttp-daemon-ssl-perl |
53 | - sudo apt-get install -qq --no-install-recommends libdbd-sybase-perl libnet-dns-perl | 53 | - sudo apt-get install -qq --no-install-recommends libdbd-sybase-perl libnet-dns-perl |
54 | - sudo apt-get install -qq --no-install-recommends slapd ldap-utils | 54 | - sudo apt-get install -qq --no-install-recommends slapd ldap-utils |
55 | - sudo apt-get install -qq --no-install-recommends autoconf automake | 55 | - sudo apt-get install -qq --no-install-recommends autoconf automake |
56 | - sudo apt-get install -qq --no-install-recommends faketime | 56 | - sudo apt-get install -qq --no-install-recommends faketime |
57 | # Trusty related dependencies (not yet provided) | 57 | # Trusty related dependencies (not yet provided) |
58 | - test "$(dpkg -l | grep -E "mysql-(client|server)-[0-9].[0-9]" | grep -c ^ii)" -gt 0 || sudo apt-get install -qq --no-install-recommends mariadb-client mariadb-server | 58 | - test "$(dpkg -l | grep -E "mysql-(client|server)-[0-9].[0-9]" | grep -c ^ii)" -gt 0 || sudo apt-get install -qq --no-install-recommends mariadb-client mariadb-server |
59 | # enable ssl apache | ||
60 | - sudo a2enmod ssl | ||
61 | - sudo a2ensite default-ssl | ||
62 | - sudo make-ssl-cert generate-default-snakeoil --force-overwrite | ||
63 | - sudo service apache2 reload | ||
59 | 64 | ||
60 | before_script: | 65 | before_script: |
61 | # ensure we have a test database in place for tests | 66 | # ensure we have a test database in place for tests |
@@ -73,6 +78,7 @@ before_script: | |||
73 | - sudo rm -f /usr/share/mibs/ietf/SNMPv2-PDU /usr/share/mibs/ietf/IPSEC-SPD-MIB /usr/share/mibs/ietf/IPATM-IPMC-MIB /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB | 78 | - sudo rm -f /usr/share/mibs/ietf/SNMPv2-PDU /usr/share/mibs/ietf/IPSEC-SPD-MIB /usr/share/mibs/ietf/IPATM-IPMC-MIB /usr/share/mibs/iana/IANA-IPPM-METRICS-REGISTRY-MIB |
74 | - sudo mkdir -p /var/lib/snmp/mib_indexes | 79 | - sudo mkdir -p /var/lib/snmp/mib_indexes |
75 | - sudo mkdir /media/ramdisk && sudo chmod 777 /media/ramdisk && sudo mount -t tmpfs -o size=20% none /media/ramdisk | 80 | - sudo mkdir /media/ramdisk && sudo chmod 777 /media/ramdisk && sudo mount -t tmpfs -o size=20% none /media/ramdisk |
81 | - sed "/host_tls_cert/s/.*/'host_tls_cert' => '$(hostname)',/" -i $NPTEST_CACHE | ||
76 | 82 | ||
77 | script: | 83 | script: |
78 | - if [ "$COVERITY_SCAN_BRANCH" != 1 ]; then make test; fi | 84 | - if [ "$COVERITY_SCAN_BRANCH" != 1 ]; then make test; fi |
diff --git a/plugins/t/NPTest.cache.travis b/plugins/t/NPTest.cache.travis index 38c0a6b..e9705f3 100644 --- a/plugins/t/NPTest.cache.travis +++ b/plugins/t/NPTest.cache.travis | |||
@@ -57,4 +57,6 @@ | |||
57 | 'snmp_community' => '', | 57 | 'snmp_community' => '', |
58 | 'user_snmp' => '', | 58 | 'user_snmp' => '', |
59 | 'host_udp_time' => 'none', | 59 | 'host_udp_time' => 'none', |
60 | 'host_tls_http' => 'localhost', | ||
61 | 'host_tls_cert' => 'localhost', | ||
60 | } | 62 | } |
diff --git a/plugins/t/check_http.t b/plugins/t/check_http.t index 5a90f02..8bd484a 100644 --- a/plugins/t/check_http.t +++ b/plugins/t/check_http.t | |||
@@ -19,6 +19,13 @@ my $host_tcp_http = getTestParameter( "NP_HOST_TCP_HTTP", | |||
19 | "A host providing the HTTP Service (a web server)", | 19 | "A host providing the HTTP Service (a web server)", |
20 | "localhost" ); | 20 | "localhost" ); |
21 | 21 | ||
22 | my $host_tls_http = getTestParameter( "host_tls_http", "NP_HOST_TLS_HTTP", "localhost", | ||
23 | "A host providing the HTTPS Service (a tls web server)" ); | ||
24 | |||
25 | my $host_tls_cert = getTestParameter( "host_tls_cert", "NP_HOST_TLS_CERT", "localhost", | ||
26 | "the common name of the certificate." ); | ||
27 | |||
28 | |||
22 | my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", | 29 | my $host_nonresponsive = getTestParameter( "NP_HOST_NONRESPONSIVE", |
23 | "The hostname of system not responsive to network requests", | 30 | "The hostname of system not responsive to network requests", |
24 | "10.0.0.1" ); | 31 | "10.0.0.1" ); |
@@ -80,14 +87,14 @@ like( $res->output, '/^Host: '.$host_tcp_http.':8080\s*$/ms', "Host Header OK" ) | |||
80 | SKIP: { | 87 | SKIP: { |
81 | skip "No internet access", 3 if $internet_access eq "no"; | 88 | skip "No internet access", 3 if $internet_access eq "no"; |
82 | 89 | ||
83 | $res = NPTest->testCmd("./check_http -v -H www.verisign.com -S"); | 90 | $res = NPTest->testCmd("./check_http -v -H $host_tls_http -S"); |
84 | like( $res->output, '/^Host: www.verisign.com\s*$/ms', "Host Header OK" ); | 91 | like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); |
85 | 92 | ||
86 | $res = NPTest->testCmd("./check_http -v -H www.verisign.com:8080 -S -p 443"); | 93 | $res = NPTest->testCmd("./check_http -v -H $host_tls_http:8080 -S -p 443"); |
87 | like( $res->output, '/^Host: www.verisign.com:8080\s*$/ms', "Host Header OK" ); | 94 | like( $res->output, '/^Host: '.$host_tls_http.':8080\s*$/ms', "Host Header OK" ); |
88 | 95 | ||
89 | $res = NPTest->testCmd("./check_http -v -H www.verisign.com:443 -S -p 443"); | 96 | $res = NPTest->testCmd("./check_http -v -H $host_tls_http:443 -S -p 443"); |
90 | like( $res->output, '/^Host: www.verisign.com\s*$/ms', "Host Header OK" ); | 97 | like( $res->output, '/^Host: '.$host_tls_http.'\s*$/ms', "Host Header OK" ); |
91 | }; | 98 | }; |
92 | 99 | ||
93 | SKIP: { | 100 | SKIP: { |
@@ -114,38 +121,38 @@ SKIP: { | |||
114 | skip "No internet access", 16 if $internet_access eq "no"; | 121 | skip "No internet access", 16 if $internet_access eq "no"; |
115 | 122 | ||
116 | $res = NPTest->testCmd( | 123 | $res = NPTest->testCmd( |
117 | "./check_http --ssl www.verisign.com" | 124 | "./check_http --ssl $host_tls_http" |
118 | ); | 125 | ); |
119 | cmp_ok( $res->return_code, '==', 0, "Can read https for www.verisign.com" ); | 126 | cmp_ok( $res->return_code, '==', 0, "Can read https for $host_tls_http" ); |
120 | 127 | ||
121 | $res = NPTest->testCmd( "./check_http -C 1 --ssl www.verisign.com" ); | 128 | $res = NPTest->testCmd( "./check_http -C 1 --ssl $host_tls_http" ); |
122 | cmp_ok( $res->return_code, '==', 0, "Checking certificate for www.verisign.com"); | 129 | cmp_ok( $res->return_code, '==', 0, "Checking certificate for $host_tls_http"); |
123 | like ( $res->output, "/Certificate 'www.verisign.com' will expire on/", "Output OK" ); | 130 | like ( $res->output, "/Certificate '$host_tls_cert' will expire on/", "Output OK" ); |
124 | my $saved_cert_output = $res->output; | 131 | my $saved_cert_output = $res->output; |
125 | 132 | ||
126 | $res = NPTest->testCmd( "./check_http -C 8000,1 --ssl www.verisign.com" ); | 133 | $res = NPTest->testCmd( "./check_http -C 8000,1 --ssl $host_tls_http" ); |
127 | cmp_ok( $res->return_code, '==', 1, "Checking certificate for www.verisign.com"); | 134 | cmp_ok( $res->return_code, '==', 1, "Checking certificate for $host_tls_http"); |
128 | like ( $res->output, qr/WARNING - Certificate 'www.verisign.com' expires in \d+ day/, "Output Warning" ); | 135 | like ( $res->output, qr/WARNING - Certificate '$host_tls_cert' expires in \d+ day/, "Output Warning" ); |
129 | 136 | ||
130 | $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" ); | 137 | $res = NPTest->testCmd( "./check_http $host_tls_http -C 1" ); |
131 | is( $res->return_code, 0, "Old syntax for cert checking okay" ); | 138 | is( $res->return_code, 0, "Old syntax for cert checking okay" ); |
132 | is( $res->output, $saved_cert_output, "Same output as new syntax" ); | 139 | is( $res->output, $saved_cert_output, "Same output as new syntax" ); |
133 | 140 | ||
134 | $res = NPTest->testCmd( "./check_http -H www.verisign.com -C 1" ); | 141 | $res = NPTest->testCmd( "./check_http -H $host_tls_http -C 1" ); |
135 | is( $res->return_code, 0, "Updated syntax for cert checking okay" ); | 142 | is( $res->return_code, 0, "Updated syntax for cert checking okay" ); |
136 | is( $res->output, $saved_cert_output, "Same output as new syntax" ); | 143 | is( $res->output, $saved_cert_output, "Same output as new syntax" ); |
137 | 144 | ||
138 | $res = NPTest->testCmd( "./check_http -C 1 www.verisign.com" ); | 145 | $res = NPTest->testCmd( "./check_http -C 1 $host_tls_http" ); |
139 | cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added"); | 146 | cmp_ok( $res->output, 'eq', $saved_cert_output, "--ssl option automatically added"); |
140 | 147 | ||
141 | $res = NPTest->testCmd( "./check_http www.verisign.com -C 1" ); | 148 | $res = NPTest->testCmd( "./check_http $host_tls_http -C 1" ); |
142 | cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); | 149 | cmp_ok( $res->output, 'eq', $saved_cert_output, "Old syntax for cert checking still works"); |
143 | 150 | ||
144 | # run some certificate checks with faketime | 151 | # run some certificate checks with faketime |
145 | SKIP: { | 152 | SKIP: { |
146 | skip "No faketime binary found", 12 if !$faketime; | 153 | skip "No faketime binary found", 12 if !$faketime; |
147 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 www.verisign.com"); | 154 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC ./check_http -C 1 $host_tls_http"); |
148 | like($res->output, qr/OK - Certificate 'www.verisign.com' will expire on/, "Catch cert output"); | 155 | like($res->output, qr/OK - Certificate '$host_tls_cert' will expire on/, "Catch cert output"); |
149 | is( $res->return_code, 0, "Catch cert output exit code" ); | 156 | is( $res->return_code, 0, "Catch cert output exit code" ); |
150 | my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/); | 157 | my($mon,$day,$hour,$min,$sec,$year) = ($res->output =~ /(\w+)\s+(\d+)\s+(\d+):(\d+):(\d+)\s+(\d+)/); |
151 | if(!defined $year) { | 158 | if(!defined $year) { |
@@ -154,28 +161,28 @@ SKIP: { | |||
154 | my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; | 161 | my $months = {'Jan' => 0, 'Feb' => 1, 'Mar' => 2, 'Apr' => 3, 'May' => 4, 'Jun' => 5, 'Jul' => 6, 'Aug' => 7, 'Sep' => 8, 'Oct' => 9, 'Nov' => 10, 'Dec' => 11}; |
155 | my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); | 162 | my $ts = mktime($sec, $min, $hour, $day, $months->{$mon}, $year-1900); |
156 | my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts)); | 163 | my $time = strftime("%Y-%m-%d %H:%M:%S", localtime($ts)); |
157 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 www.verisign.com"); | 164 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts))."' ./check_http -C 1 $host_tls_http"); |
158 | like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' just expired/, "Output on expire date"); | 165 | like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' just expired/, "Output on expire date"); |
159 | is( $res->return_code, 2, "Output on expire date" ); | 166 | is( $res->return_code, 2, "Output on expire date" ); |
160 | 167 | ||
161 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 www.verisign.com"); | 168 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-1))."' ./check_http -C 1 $host_tls_http"); |
162 | like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 0 minutes/, "cert expires in 1 second output"); | 169 | like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 0 minutes/, "cert expires in 1 second output"); |
163 | is( $res->return_code, 2, "cert expires in 1 second exit code" ); | 170 | is( $res->return_code, 2, "cert expires in 1 second exit code" ); |
164 | 171 | ||
165 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 www.verisign.com"); | 172 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-120))."' ./check_http -C 1 $host_tls_http"); |
166 | like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 minutes/, "cert expires in 2 minutes output"); | 173 | like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 minutes/, "cert expires in 2 minutes output"); |
167 | is( $res->return_code, 2, "cert expires in 2 minutes exit code" ); | 174 | is( $res->return_code, 2, "cert expires in 2 minutes exit code" ); |
168 | 175 | ||
169 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 www.verisign.com"); | 176 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts-7200))."' ./check_http -C 1 $host_tls_http"); |
170 | like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expires in 2 hours/, "cert expires in 2 hours output"); | 177 | like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expires in 2 hours/, "cert expires in 2 hours output"); |
171 | is( $res->return_code, 2, "cert expires in 2 hours exit code" ); | 178 | is( $res->return_code, 2, "cert expires in 2 hours exit code" ); |
172 | 179 | ||
173 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 www.verisign.com"); | 180 | $res = NPTest->testCmd("LC_TIME=C TZ=UTC faketime -f '".strftime("%Y-%m-%d %H:%M:%S", localtime($ts+1))."' ./check_http -C 1 $host_tls_http"); |
174 | like($res->output, qr/CRITICAL - Certificate 'www.verisign.com' expired on/, "Certificate expired output"); | 181 | like($res->output, qr/CRITICAL - Certificate '$host_tls_cert' expired on/, "Certificate expired output"); |
175 | is( $res->return_code, 2, "Certificate expired exit code" ); | 182 | is( $res->return_code, 2, "Certificate expired exit code" ); |
176 | }; | 183 | }; |
177 | 184 | ||
178 | $res = NPTest->testCmd( "./check_http --ssl www.verisign.com -E" ); | 185 | $res = NPTest->testCmd( "./check_http --ssl $host_tls_http -E" ); |
179 | like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); | 186 | like ( $res->output, '/time_connect=[\d\.]+/', 'Extended Performance Data Output OK' ); |
180 | like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); | 187 | like ( $res->output, '/time_ssl=[\d\.]+/', 'Extended Performance Data SSL Output OK' ); |
181 | 188 | ||
diff --git a/plugins/t/check_tcp.t b/plugins/t/check_tcp.t index f996685..121b0cb 100644 --- a/plugins/t/check_tcp.t +++ b/plugins/t/check_tcp.t | |||
@@ -18,6 +18,9 @@ BEGIN { | |||
18 | my $host_tcp_http = getTestParameter( "host_tcp_http", "NP_HOST_TCP_HTTP", "localhost", | 18 | my $host_tcp_http = getTestParameter( "host_tcp_http", "NP_HOST_TCP_HTTP", "localhost", |
19 | "A host providing the HTTP Service (a web server)" ); | 19 | "A host providing the HTTP Service (a web server)" ); |
20 | 20 | ||
21 | my $host_tls_http = getTestParameter( "host_tls_http", "NP_HOST_TLS_HTTP", "localhost", | ||
22 | "A host providing the HTTPS Service (a tls web server)" ); | ||
23 | |||
21 | my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", | 24 | my $host_nonresponsive = getTestParameter( "host_nonresponsive", "NP_HOST_NONRESPONSIVE", "10.0.0.1", |
22 | "The hostname of system not responsive to network requests" ); | 25 | "The hostname of system not responsive to network requests" ); |
23 | 26 | ||
@@ -42,10 +45,10 @@ $t += checkCmd( "./check_tcp $host_tcp_http -p 81 -wt 0 -ct 0 -to 1", 2 | |||
42 | $t += checkCmd( "./check_tcp $host_nonresponsive -p 80 -wt 0 -ct 0 -to 1", 2 ); | 45 | $t += checkCmd( "./check_tcp $host_nonresponsive -p 80 -wt 0 -ct 0 -to 1", 2 ); |
43 | $t += checkCmd( "./check_tcp $hostname_invalid -p 80 -wt 0 -ct 0 -to 1", 2 ); | 46 | $t += checkCmd( "./check_tcp $hostname_invalid -p 80 -wt 0 -ct 0 -to 1", 2 ); |
44 | if($internet_access ne "no") { | 47 | if($internet_access ne "no") { |
45 | $t += checkCmd( "./check_tcp -S -D 1 -H www.verisign.com -p 443", 0 ); | 48 | $t += checkCmd( "./check_tcp -S -D 1 -H $host_tls_http -p 443", 0 ); |
46 | $t += checkCmd( "./check_tcp -S -D 9000,1 -H www.verisign.com -p 443", 1 ); | 49 | $t += checkCmd( "./check_tcp -S -D 9000,1 -H $host_tls_http -p 443", 1 ); |
47 | $t += checkCmd( "./check_tcp -S -D 9000 -H www.verisign.com -p 443", 1 ); | 50 | $t += checkCmd( "./check_tcp -S -D 9000 -H $host_tls_http -p 443", 1 ); |
48 | $t += checkCmd( "./check_tcp -S -D 9000,8999 -H www.verisign.com -p 443", 2 ); | 51 | $t += checkCmd( "./check_tcp -S -D 9000,8999 -H $host_tls_http -p 443", 2 ); |
49 | } | 52 | } |
50 | 53 | ||
51 | # Need the \r\n to make it more standards compliant with web servers. Need the various quotes | 54 | # Need the \r\n to make it more standards compliant with web servers. Need the various quotes |