Hacked By AnonymousFox

#!/usr/libexec/platform-python

#####################################
# this file is under Puppet control #
# the last change:                  #
# 2014/10/08, Eduard N.             #
#####################################

"""Nagios plugin to check the csf status and updates."""

__title__ = 'check_csf'
__version__ = '''2014/10/08, 1.2.2,
special version for NC, Eduard N.'''

'''
Please pay attention that it's necessary to add following access to sudoers file(s)
/usr/sbin/csf -c
/usr/sbin/csf -g "special_IP"
'''

debug = 0
special_IP = '198.54.118.100' # IP of pm4
#special_IP = '198.54.118.40' # IP of pm4
#special_IP = '162.213.249.250' # IP of pm2
CSF = '/usr/sbin/csf'
SUDO = '/usr/bin/sudo'

OK = 0
WARNING = 1
CRITICAL = 2
UNKNOWN = 3

import os, re, sys


def end(status, message, perfdata=""):
    """Exits the plugin with first arg as the return code and the second arg as the message to output."""

    if perfdata:
        print( "%s | %s" % (message, perfdata))
    else:
        print( "%s" % message)

    if status == OK:
        sys.exit(OK)
    elif status == WARNING:
        sys.exit(WARNING)
    elif status == CRITICAL:
        sys.exit(CRITICAL)
    else:
        sys.exit(UNKNOWN)

try:
    from subprocess import Popen, PIPE, STDOUT
except ImportError:
    end(WARNING, 'This script should be run under Python version more than 2.3')

def check_csf_usable():
    """Checks that the CSF program and path are correct and usable - that the program exists and is executable, otherwise exits with error."""

    if not os.path.exists(CSF):
        end(UNKNOWN, "%s cannot be found" % CSF)
    elif not os.path.isfile(CSF):
        end(UNKNOWN, "%s is not a file" % CSF)
    elif not os.access(CSF, os.X_OK):
        end(UNKNOWN, "%s is not executable" % CSF)

def check_programm_usable(programm, access = True):
        """Checks that the SUDO program and path are correct and usable - that the program exists and is executable, otherwise exits with error."""

        if not os.path.exists(programm):
                end(UNKNOWN, "%s cannot be found" % programm)
        elif not os.path.isfile(programm):
                end(UNKNOWN, "%s is not a file" % programm)
        elif access and not os.access(programm, os.X_OK):
                end(UNKNOWN, "%s is not executable" % programm)


import argparse

parser = argparse.ArgumentParser(description='csf status')
parser.add_argument("-s", "--speсialip", type=str, default="198.54.118.100", help="Default is 198.54.118.100")
    
special_IP = parser.parse_args().speсialip

check_programm_usable(SUDO)
check_programm_usable(CSF, False)

# check of current state of csf
re_status_disabled = re.compile('csf and lfd have been disabled')
re_status_checkIP = re.compile('^\w*\s*\d*\s*\d*\s*\d*.*\s*ACCEPT\s*\w*\s*.*'+special_IP+'\s*',re.M)

cmd = SUDO + ' ' + CSF + ' -g ' + special_IP 
process = Popen(cmd.split(), stdout=PIPE, stderr=STDOUT, encoding="utf-8" )
output = process.communicate()
returncode = process.returncode
stdout = output[0]
if debug: print (cmd, stdout)
if re.match(re_status_disabled, stdout):
    end(CRITICAL, stdout)
elif re.search(re_status_checkIP, stdout):
    pass
else:
    end(CRITICAL, "Rule set isn't full. Check config and restart csf. " + stdout.strip())


# check new updates
re_update_latest = re.compile('csf is already at the latest version')
re_update_not_latest = re.compile('A newer version of csf is available')

cmd = SUDO + ' ' + CSF + ' -c'
process = Popen(cmd.split(), stdout=PIPE, stderr=STDOUT, encoding="utf-8")
output = process.communicate()
returncode = process.returncode
stdout = output[0]
if debug: print (cmd, stdout)

if re.match(re_update_not_latest, stdout):
    end(WARNING, stdout)
elif re.match(re_update_latest, stdout):
    end(OK, stdout)
else:
    end(WARNING, stdout)