sensu-plugins-http-boutetnico 1.0.0

data/bin/check-https-cert.rb

@@ -0,0 +1,122 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+#
+#   check-https-cert
+#
+# DESCRIPTION:
+#    Checks the expiration date of a URL's TLS/SSL Certificate
+#    and notifies if it is before the expiry parameter. Throws
+#    a critical if the date is at or past the expiry date.
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: net-https
+#
+# USAGE:
+#   Check that will warn 1 week prior and critical 3 days prior
+#      ./check-https-cert.rb -u https://my.site.com -w 7 -c 3
+#
+#   Check an insecure certificate that will warn 1 week prior and critical 3 days prior
+#      ./check-https-cert.rb -u https://my.site.com -k -w 7 -c 3
+#
+#   Check that a certificate has successfully expired
+#      ./check-https-cert.rb -u https://my.site.com -k -e
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2014 Rhommel Lamas <roml@rhommell.com>
+#   Updated 2017 Phil Porada <philporada@gmail.com>
+#     - Provide more clear usage documentation and messages
+#     - Added check for successfully expired certificate
+#     - Added long flags
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'net/https'
+
+#
+# Check HTTP
+#
+class CheckHttpCert < Sensu::Plugin::Check::CLI
+  option :url,
+         short: '-u URL',
+         long: '--url URL',
+         proc: proc(&:to_s),
+         description: 'The URL to connect to'
+
+  option :warning,
+         short: '-w',
+         long: '--warning DAYS',
+         proc: proc(&:to_i),
+         default: 50,
+         description: 'Warn EXPIRE days before cert expires'
+
+  option :critical,
+         short: '-c',
+         long: '--critical DAYS',
+         proc: proc(&:to_i),
+         default: 25,
+         description: 'Critical EXPIRE days before cert expires'
+
+  option :expired,
+         short: '-e',
+         long: '--expired',
+         boolean: true,
+         description: 'Expect certificate to be expired',
+         default: false
+
+  option :insecure,
+         short: '-k',
+         long: '--insecure',
+         boolean: true,
+         description: 'Enabling insecure connections',
+         default: false
+
+  def run
+    uri = URI.parse(config[:url])
+    http = Net::HTTP.new(uri.host, uri.port)
+    http.use_ssl = true
+    http.verify_mode = if config[:insecure]
+                         OpenSSL::SSL::VERIFY_NONE
+                       else
+                         OpenSSL::SSL::VERIFY_PEER
+                       end
+
+    http.start do |h|
+      @cert = h.peer_cert
+    end
+    days_until = ((@cert.not_after - Time.now) / (60 * 60 * 24)).to_i
+
+    if config[:expired]
+      if days_until >= 0
+        critical "TLS/SSL certificate expires on #{@cert.not_after} - #{days_until} days left."
+      else
+        ok "TLS/SSL certificate expired #{days_until.abs} days ago."
+      end
+    end
+
+    unless config[:expired]
+      if days_until <= 0
+        critical "TLS/SSL certificate expired #{days_until.abs} days ago."
+      elsif days_until < config[:critical].to_i
+        critical "TLS/SSL certificate expires on #{@cert.not_after} - #{days_until} days left."
+      elsif days_until < config[:warning].to_i
+        warning "TLS/SSL certificate expires on #{@cert.not_after} - #{days_until} days left."
+      else
+        ok "TLS/SSL certificate expires on #{@cert.not_after} - #{days_until} days left."
+      end
+    end
+  rescue StandardError
+    critical "Could not connect to #{config[:url]}"
+  end
+end

data/bin/check-last-modified.rb

@@ -0,0 +1,178 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+#
+#   check-fleet-units
+#
+# DESCRIPTION:
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#
+# USAGE:
+#
+# NOTES:
+#
+# LICENSE:
+#   Barry Martin <nyxcharon@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+require 'sensu-plugin/check/cli'
+require 'net/https'
+require 'time'
+require 'aws-sdk'
+require 'json'
+require 'sensu-plugins-http'
+
+#
+# Checks the last modified time of a file to verify it has been updated with a
+# specified threshold.
+#
+class CheckLastModified < Sensu::Plugin::Check::CLI
+  include Common
+  option :aws_access_key_id,
+         short: '-a AWS_ACCESS_KEY_ID',
+         long: '--aws-access-key-id AWS_ACCESS_KEY_ID',
+         description: 'AWS Access Key. Either set ENV["AWS_ACCESS_KEY_ID"] or provide it as an option',
+         default: ENV['AWS_ACCESS_KEY_ID']
+
+  option :aws_secret_access_key,
+         short: '-k AWS_SECRET_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: 'AWS Secret Access Key. Either set ENV["AWS_SECRET_ACCESS_KEY"] or provide it as an option',
+         default: ENV['AWS_SECRET_ACCESS_KEY']
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (defaults to us-east-1).',
+         default: 'us-east-1'
+
+  option :s3_config_bucket,
+         short: '-s S3_CONFIG_BUCKET',
+         long: '--s3-config-bucket S3_CONFIG_BUCKET',
+         description: 'S3 config bucket'
+
+  option :s3_config_key,
+         short: '-k S3_CONFIG_KEY',
+         long: '--s3-config-key S3_CONFIG_KEY',
+         description: 'S3 config key'
+
+  option :url,
+         short: '-u URL',
+         long: '--url URL',
+         description: 'The URL of the file to be checked'
+
+  option :user,
+         short: '-U USER',
+         long: '--username USER',
+         description: 'A username to connect as'
+
+  option :password,
+         short: '-a PASS',
+         long: '--password PASS',
+         description: 'A password to use for the username'
+
+  option :threshold,
+         short: '-t TIME',
+         long: '--time TIME',
+         description: 'The time in seconds the file should be updated by'
+
+  option :follow_redirects,
+         short: '-R FOLLOW_REDIRECTS',
+         long: '--redirect FOLLOW_REDIRECTS',
+         proc: proc(&:to_i),
+         default: 0,
+         description: 'Follow first <N> redirects'
+
+  option :follow_redirects_with_get,
+         short: '-g GET_REDIRECTS',
+         long: '--get-redirects GET_REDIRECTS',
+         proc: proc(&:to_i),
+         default: 0,
+         description: 'Follow first <N> redirects with GET requests'
+
+  option :auth_first_only,
+         short: '-A',
+         long: '--auth-first-only',
+         default: true,
+         description: 'Use basic auth on first request only'
+
+  def follow_uri(uri, total_redirects, get_redirects, auth_count)
+    location = URI(uri)
+    http = Net::HTTP.new(location.host, location.port)
+
+    if location.port == 443
+      http.use_ssl = true
+    end
+
+    request = if get_redirects > 0
+                Net::HTTP::Get.new(location.request_uri)
+              else
+                Net::HTTP::Head.new(location.request_uri)
+              end
+
+    if auth_count > 0 && config[:user] && config[:password] && total_redirects == config[:follow_redirects]
+      http.use_ssl = true
+      request.basic_auth(config[:user], config[:password])
+      auth_count -= 1
+    end
+
+    response = http.request(request)
+
+    if total_redirects > 0
+      case response
+      when Net::HTTPSuccess     then response
+      when Net::HTTPRedirection then follow_uri(response['location'], total_redirects - 1, get_redirects - 1, auth_count)
+      else
+        critical 'Http Error'
+      end
+    else
+      case response
+      when Net::HTTPSuccess then response
+      else
+        critical 'Http Error'
+      end
+    end
+  end
+
+  def run
+    merge_s3_config
+
+    url = config[:url]
+    threshold = config[:threshold]
+
+    # Validate arguments
+    unless url
+      unknown 'No URL specified'
+    end
+
+    unless threshold
+      unknown 'No threshold specified'
+    end
+
+    response = follow_uri(url, config[:follow_redirects], config[:follow_redirects_with_get], config[:auth_first_only] ? 1 : config[:follow_redirects])
+
+    # Build a request from user options and then request it
+    if response.header['last-modified'].nil?
+      critical 'Http Error'
+    end
+
+    # Get timestamp of file and local timestamp and compare (Both in UTC)
+    file_stamp = Time.parse(response.header['last-modified']).getgm
+    local_stamp = Time.now.getgm
+
+    if (local_stamp - file_stamp).to_i <= threshold.to_i
+      ok 'Last modified time OK'
+    else
+      critical 'Last modified time greater than threshold'
+    end
+  end
+end

data/bin/metrics-curl.rb

@@ -0,0 +1,86 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+#
+#   metrics-curl
+#
+# DESCRIPTION:
+#   Simple wrapper around curl for getting timing stats from the various phases
+#   of connecting to an HTTP/HTTPS server.
+#
+# OUTPUT:
+#   metric data
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#
+# USAGE:
+#   #YELLOW
+#
+# NOTES:
+#   Based on: http://dev.nuclearrooster.com/2009/12/07/quick-download-benchmarks-with-curl/
+#   by Nick Stielau.
+#
+# LICENSE:
+#   Copyright 2012 Joe Miller
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+require 'socket'
+require 'English'
+require 'sensu-plugin/metric/cli'
+
+#
+# Curl Metrics
+#
+class CurlMetrics < Sensu::Plugin::Metric::CLI::Graphite
+  option :url,
+         short: '-u URL',
+         long: '--url URL',
+         description: 'valid cUrl url to connect',
+         default: 'http://127.0.0.1:80/'
+
+  option :curl_args,
+         short: '-a "CURL ARGS"',
+         long: '--curl_args "CURL ARGS"',
+         description: 'Additional arguments to pass to curl',
+         default: ''
+
+  option :scheme,
+         description: 'Metric naming scheme, text to prepend to metric',
+         short: '-s SCHEME',
+         long: '--scheme SCHEME',
+         required: true,
+         default: "#{Socket.gethostname}.curl_timings"
+
+  def run
+    `which curl > /dev/null 2>&1`
+    unless $CHILD_STATUS == 0
+      critical 'CRITICAL: curl executable not found in PATH on this system.'\
+               ' If curl cannot be installed, consider using metrics_libcurl.rb instead.'
+    end
+
+    cmd = "LC_NUMERIC=C curl --silent --output /dev/null #{config[:curl_args]} "
+    cmd += '-w "%{time_total},%{time_namelookup},%{time_connect},%{time_pretransfer},%{time_redirect},%{time_starttransfer},%{http_code}" '
+    cmd += config[:url]
+    output = `#{cmd}`
+
+    (time_total, time_namelookup, time_connect, time_pretransfer, time_redirect, time_starttransfer, http_code) = output.split(',')
+    output "#{config[:scheme]}.time_total", time_total
+    output "#{config[:scheme]}.time_namelookup", time_namelookup
+    output "#{config[:scheme]}.time_connect", time_connect
+    output "#{config[:scheme]}.time_pretransfer", time_pretransfer
+    output "#{config[:scheme]}.time_redirect", time_redirect
+    output "#{config[:scheme]}.time_starttransfer", time_starttransfer
+    output "#{config[:scheme]}.http_code", http_code
+
+    if $CHILD_STATUS.to_i == 0
+      ok
+    else
+      warning
+    end
+  end
+end

data/bin/metrics-http-json-deep.rb

@@ -0,0 +1,133 @@
+#! /usr/bin/env ruby
+# frozen_string_literal: false
+
+#
+#   metrics-http-json-deep
+#
+# DESCRIPTION:
+#   Get metrics in json format via http/https
+#
+# OUTPUT:
+#   metric data
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: uri
+#   gem: socket
+#   gem: oj
+#
+# USAGE:
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2016 Hayato Matsuura
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/metric/cli'
+require 'net/https'
+require 'uri'
+require 'socket'
+require 'oj'
+
+#
+# JSON Metrics
+#
+class JsonDeepMetrics < Sensu::Plugin::Metric::CLI::Graphite
+  option :url,
+         short: '-u URL',
+         long: '--url URL',
+         description: 'Full URL to JSON, example: https://example.com/foo.json This ignores --hostname and --port options'
+
+  option :hostname,
+         short: '-h HOSTNAME',
+         long: '--host HOSTNAME',
+         description: 'App server hostname',
+         default: '127.0.0.1'
+
+  option :port,
+         short: '-P PORT',
+         long: '--port PORT',
+         description: 'App server port',
+         default: '80'
+
+  option :path,
+         short: '-p PATH',
+         long: '--path ROOTPATH',
+         description: 'Path for json',
+         default: 'status'
+
+  option :root,
+         short: '-r ROOTPATH',
+         long: '--rootpath ROOTPATH',
+         description: 'Root attribute for json',
+         default: 'value'
+
+  option :scheme,
+         description: 'Metric naming scheme, text to prepend to metric',
+         short: '-s SCHEME',
+         long: '--scheme SCHEME',
+         default: "#{Socket.gethostname}.json"
+
+  option :numonly,
+         description: 'Output numbers only',
+         short: '-n',
+         long: '--number'
+
+  option :decimal_places,
+         description: 'Number of decimal places to allow, to be used with --number',
+         short: '-f DECIMAL_PLACES',
+         long: '--floats DECIMAL_PLACES',
+         proc: proc(&:to_i),
+         default: 4
+
+  def deep_value(hash, scheme = '')
+    hash.each do |key, value|
+      ekey = key.gsub(/\s/, '_')
+      if value.is_a?(Hash)
+        deep_value(value, "#{scheme}.#{ekey}")
+      elsif config[:numonly]
+        output "#{scheme}.#{ekey}", value.round(config[:decimal_places]) if value.is_a?(Numeric)
+      else
+        output "#{scheme}.#{ekey}", value
+      end
+    end
+  end
+
+  def run
+    found = false
+    attempts = 0
+    until found || attempts >= 10
+      attempts += 1
+      if config[:url]
+        uri = URI.parse(config[:url])
+        http = Net::HTTP.new(uri.host, uri.port)
+        if uri.scheme == 'https'
+          http.use_ssl = true
+          http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        end
+        request = Net::HTTP::Get.new(uri.request_uri)
+        response = http.request(request)
+        if response.code == '200'
+          found = true
+        elsif !response.header['location'].nil?
+          config[:url] = response.header['location']
+        end
+      else
+        response = Net::HTTP.start(config[:hostname], config[:port]) do |connection|
+          request = Net::HTTP::Get.new("/#{config[:path]}")
+          connection.request(request)
+        end
+      end
+    end
+
+    metrics = Oj.load(response.body, mode: :compat)
+    deep_value(metrics[config[:root]], config[:scheme])
+    ok
+  end
+end