From ea7c04d67335bf6398e67d18b332fdcd620cdc4e Mon Sep 17 00:00:00 2001 From: Christoph Egger Date: Wed, 29 Oct 2014 22:24:50 +0100 Subject: [PATCH] Set return codes as needed for nagios / icinga --- dnssec-check | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/dnssec-check b/dnssec-check index 5cf0d59..25a45ac 100755 --- a/dnssec-check +++ b/dnssec-check @@ -22,10 +22,11 @@ def check_dnssec_expire(resolver, name, warn, crit): s, result = resolver.resolve(name, rrtype=RR_TYPE_SOA) if 0 != s: ub_strerror(s) - return + return 3 if not result.secure: print("CRIT (does not verify) %s" % (name, )) + return 2 s, packet = ldns.ldns_wire2pkt(result.packet) rrsigs = packet.rr_list_by_type(RR_TYPE_RRSIG, ldns.LDNS_SECTION_ANSWER).rrs() @@ -34,8 +35,11 @@ def check_dnssec_expire(resolver, name, warn, crit): if delta < crit: print("CRIT (expires in %s) %s" % (delta, name)) + return 2 elif delta < warn: print("WARN (expires in %s) %s" % (delta, name)) + return 1 + return 0 def main(): @@ -59,10 +63,19 @@ def main(): resolver = ub_ctx() resolver.add_ta_file(opts.ancor) encoding = sys.getfilesystemencoding() - + + final = 0 for name in opts.names: - check_dnssec_expire(resolver, idn2dname(name.decode(encoding)), - timedelta(opts.warn), timedelta(opts.crit)) + result = check_dnssec_expire(resolver, idn2dname(name.decode(encoding)), + timedelta(opts.warn), timedelta(opts.crit)) + if result == 2: + final = 2 + elif result == 1 and final != 2: + final = 1 + elif result == 3 and final not in [1, 2]: + final = 3 + + sys.exit(final) if __name__ == "__main__": main() -- 2.39.5