From 1e2387474a449452b78520b9ad96a8b4b5e99722 Mon Sep 17 00:00:00 2001 From: Harald Pfeiffer Date: Wed, 17 Apr 2019 19:07:19 +0200 Subject: initial commit of source fetch --- .../check_etc_hosts/Makefile | 5 + .../check_etc_hosts/check_etc_hosts | 249 +++++++++++++++++++++ .../check_etc_hosts/control | 8 + .../check_etc_hosts/copyright | 14 ++ .../check_etc_hosts/tests | 3 + 5 files changed, 279 insertions(+) create mode 100644 nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/Makefile create mode 100755 nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/check_etc_hosts create mode 100644 nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/control create mode 100644 nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/copyright create mode 100644 nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/tests (limited to 'nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts') diff --git a/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/Makefile b/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/Makefile new file mode 100644 index 0000000..05be571 --- /dev/null +++ b/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/Makefile @@ -0,0 +1,5 @@ +#/usr/bin/make -f + +PLUGIN = check_etc_hosts + +include ../common.mk diff --git a/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/check_etc_hosts b/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/check_etc_hosts new file mode 100755 index 0000000..e804131 --- /dev/null +++ b/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/check_etc_hosts @@ -0,0 +1,249 @@ +#!/usr/bin/perl -w +# +# Author: Petter Reinholdtsen +# Date: 2002-07-08 +# +# Check /etc/hosts, and make sure the content matches the information +# in DNS. Lookup IP, and check if the names listed in /etc/hosts +# maches the one in DNS. It will ignore entries with '# NAGIOSIGNORE' +# at the end. + +use vars qw($use_perl_resolver $debug $returnvalue $nagiosmsg); + +$debug = 0; +$returnvalue = 0; # all ok +$nagiosmsg = ""; + +# Report missing reverse lookup. This will ignore CNAME entries +# pointing to the IP address, and report error in these cases. +$use_reverse = 0; + +# Report missing forward-lookup. This will complain on private +# network IP addresses using the same name as a DNS entry. +$use_forward = 1; + +eval 'use Net::DNS;'; +if ($@) { + print "Using /etc/hosts\n" if $debug; + $use_perl_resolver = 0; +} else { + print "Using Net::DNS\n" if $debug; + $use_perl_resolver = 1; +} + +$host = '/usr/bin/host'; + +# Look up ip address, and return ($error status, @DNS names, @DNS addresses) +sub dns_lookup_ext { + local $address = shift; + + # Stupid Tru64 Unix give me two copies of the error messages from + # host. Throw away one of them. + close(STDERR); + + print "Looking up $address using $host\n" if $debug; + + my @names = (); + my @addresses = (); + + my $lookup = ""; + # Some versions need -i to make sure it uses reverse DNS lookup, + # and not /etc/hosts. + # This option will confuse 'host' on Irix and HP/UX, and make the + # program loop forever. Avoiding it for now [pere 2002-08-06] + for $options ("") { + open(HOST, "$host $options $address 2>&1 |") + || die "Unable to execute host"; + while () { + $lookup .= $_; + chomp; + print "host: $_\n" if $debug; + + push(@names, lc($1)) if (/^Name: (.+)$/); + push(@names, lc($1)) if (/^Aliases: (.+)$/); + + # 10.6.240.129.in-addr.arpa PTR perleporten.uio.no + push(@names, lc($1)) if (/\s+PTR\s+(.+)$/); + + # spheniscus.uio.no has address 129.240.148.19 + if (/^\S+ has address (\S+)$/) { + print "Match addr $1\n" if $debug; + push(@addresses, lc($1)) + } + + # 10.6.240.129.IN-ADDR.ARPA domain name pointer perleporten.uio.no + if (/IN-ADDR.ARPA domain name pointer\s+(.+)$/) { + print "Match name $1\n" if $debug; + push(@names, lc($1)) + } + + push(@addresses, $1) if (/^Address: (.+)$/); + push(@addresses, $1) if (/\s+A\s+(\d+.+)$/) + } + close(HOST); + if ($lookup =~ /Usage: /) { + # Probably unknown parameter, try again without -i + $lookup = ""; + } else { + last; + } + } + return ("no/bad reply from DNS server", undef, undef) + if ($lookup !~ /domain name pointer/ + && $lookup !~ /\shas address\s/ + && $lookup !~ /\sPTR\s/ + && $lookup !~ /Name:/); + + if ( $address =~ m/^\d+\.\d+\.\d+\.\d+/ + && ! grep /$address/, @addresses ) { + print "Adding $address to list of addresses\n" if $debug; + unshift(@addresses, $address) ; + } + + return (undef, \@names, \@addresses); +} + +sub dns_lookup_int { + my $address = shift; + + print "Looking up $address using Net::DNS\n" if $debug; + + my @names = (); + my @addresses = (); + + my $res = new Net::DNS::Resolver; + my $query; + if ($address =~ m/\d+\.\d+\.\d+\.\d+/) { + $query = $res->query($address); + } else { + $query = $res->search($address); + } + if ($query) { + foreach $rr ($query->answer) { + print "Type: $rr->type\n" if $debug; + if ($rr->type eq "A") { + print $rr->address, " - A\n" if $debug; + push(@addresses, $rr->address); + } + if ($rr->type eq "CNAME") { + print $rr->cname, " - CNAME\n" if $debug; + push(@addresses, $rr->cname); + } + if ($rr->type eq "PTR") { + print $rr->ptrdname, " - PTR\n" if $debug; + push(@names, lc($rr->ptrdname)); + } + } + return (undef, \@names, \@addresses); + } + else { + print "query failed: ", $res->errorstring, "\n" if $debug; + return ($res->errorstring, (), ()); + } +} + +sub dns_lookup { + my $entry = shift; + + if ($use_perl_resolver) { + return dns_lookup_int($entry); + } else { + return dns_lookup_ext($entry); + } +} + +sub error { + local ($level, $error) = @_; + + $returnvalue = 1 if ($level =~ /^W$/ && $returnvalue <= 1); + $returnvalue = 2 if ($level =~ /^C$/); + + $nagiosmsg = $nagiosmsg . "
" unless ($nagiosmsg =~ /^$/); + $nagiosmsg = $nagiosmsg . "$error"; +} + +sub is_ip_private { + my $ip = shift; + + return 1 if ($ip =~ m/^10\./); + return 1 if ($ip =~ m/^192\.168\./); + + return 0; +} + +sub is_names_ip_matching { + local ($ip, @names) = @_; + + my $level = "W"; + + # Ignore IPv6 addresses for now. + return if ($ip =~ m/:/); + + # Ignore private network + return if (is_ip_private($ip)); + + my $name; + for $name (sort @names) { + if ($use_reverse) { + # Check reverse + my ($retval, $revnames) = dns_lookup($ip); + + return if ( $retval ); # Ignore unknown IP addresses + + if ( ! $retval && ! grep /$name/, @{$revnames} ) { + error $level, "Incorrect /etc/hosts for $ip: ". + "$name not in reverse DNS list"; + } + } + + if ($use_forward) { + # Check forward + my ($retval, $revnames, $forwip); + + ($retval, $revnames) = dns_lookup($ip); + ($retval, undef, $forwip) = dns_lookup($name); + + print "Forward DNS $name/$ip: ", join(" ", @{$forwip}), "\n" + if $debug; + + # Ignore entry if both IP and hostname fail to resolve in DNS + return if ( ! defined $revnames && ! defined $forwip ); + + if ( ! grep /$ip/, @{$forwip} ) { + error $level, "Incorrect /etc/hosts for $ip: ". + "IP not in forward DNS list for '$name'"; + } + } + } +} + +sub check_etc_hosts { + open(HOSTS, "< /etc/hosts") || die "Unable to open /etc/hosts"; + while () { + chomp; + next if (/# NAGIOSIGNORE$/); # Skip lines marked to be ignored + s/\#.+//; # Skip comments + next if (/^\s*$/); # Skip empty lines + + print "Testing $_\n" if $debug; + + $_ = lc($_); + + local ($ip, @names) = split(/\s+/); + + # Skip localhost, it is different on some platforms. + next if ($ip eq '127.0.0.1'); + + is_names_ip_matching($ip, @names); + } + close(HOSTS); +} + +check_etc_hosts() if ( -f "/etc/hosts" ); + +if ($nagiosmsg =~ /^$/) { + print "/etc/hosts OK\n"; +} else { + print $nagiosmsg . "\n"; +} +exit $returnvalue; diff --git a/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/control b/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/control new file mode 100644 index 0000000..313dffc --- /dev/null +++ b/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/control @@ -0,0 +1,8 @@ +Uploaders: Petter Reinholdtsen +Description: plugin to check /etc/hosts for DNS consistency + Check /etc/hosts, and make sure the content matches the information + in DNS. Lookup IP, and check if the names listed in /etc/hosts + maches the one in DNS. It will ignore entries with '# NAGIOSIGNORE' + at the end. +Recommends: libnet-dns-perl +Version: ? diff --git a/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/copyright b/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/copyright new file mode 100644 index 0000000..49c53a6 --- /dev/null +++ b/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/copyright @@ -0,0 +1,14 @@ +Copyright (C) 2002 Petter Reinholdtsen + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, see . diff --git a/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/tests b/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/tests new file mode 100644 index 0000000..026679d --- /dev/null +++ b/nagios-plugins-contrib-24.20190301~bpo9+1/check_etc_hosts/tests @@ -0,0 +1,3 @@ +Depends: libnet-dns-perl +Test-Command: echo "127.0.0.1 localhost" > /etc/hosts && /usr/lib/nagios/plugins/check_etc_hosts +Restrictions: needs-root, breaks-testbed -- cgit v1.2.3