Initial version

298efab9 · Benjamin Renard · 298efab9 · 298efab9
Commit 298efab9 authored Aug 16, 2016 by Benjamin Renard
Hide whitespace changes
Inline Side-by-side

Showing with 185 additions and 0 deletions

README.md README.md +36 -0

check_nsupdate check_nsupdate +149 -0

No files found.
--- a/README.md
+++ b/README.md
+# Icinga/Nagios plugin to check nsupdate on bind server
+
+This plugin permit to check nsupdate on bind server.
+
+ - **Author :** Benjamin Renard <brenard@easter-eggs.com>
+ - **Initial release date :** Tue, 16 Aug 2016 17:34:10 +0200
+ - **Source :** https://gitlab.easter-eggs.com/brenard/check_nsupdate
+
+### Usage
+
+```
+Usage : check_nsupdate -z zone.tld [-R] [-s server] [-r record] [-k key.private] [-d]
+  -z zone         DNS zone to check
+  -R              Reverse mode
+  -s server       Optionnal : bind server address/FQDN (Default : 127.0.0.1)
+  -r record       Optionnal : DNS record to use for check
+                  (Default in forward mode : __check_nsupdate__)
+                  In reverse mode, you must provide full reverse record to use using
+                  -r parameter
+  -k key.private  Optionnal : Key to use for authentification to bind server
+  -d              Debug mode
+```
+
+### License
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License version 2
+as published by the Free Software Foundation.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
--- a/check_nsupdate
+++ b/check_nsupdate
+#!/bin/bash
+#
+# Icinga/Nagios plugin to check nsupdate on bind server.
+#
+# Author : Benjamin Renard <brenard@easter-eggs.com>
+# Date : Tue, 16 Aug 2016 17:34:10 +0200
+# Source : https://gitlab.easter-eggs.com/brenard/check_nsupdate
+#
+
+DEFAULT_RECORD_FORWARD="__check_nsupdate__"
+DEFAULT_SRV="127.0.0.1"
+
+function usage() {
+	echo "Usage : $0 -z zone.tld [-R] [-s server] [-r record] [-k key.private] [-d]"
+	echo "  -z zone         DNS zone to check"
+	echo "  -R              Reverse mode"
+	echo "  -s server       Optionnal : bind server address/FQDN (Default : $DEFAULT_SRV)"
+	echo "  -r record       Optionnal : DNS record to use for check"
+	echo "                  (Default in forward mode : $DEFAULT_RECORD_FORWARD)"
+	echo "                  In reverse mode, you must provide full reverse record to use using"
+	echo "                  -r parameter"
+	echo "  -k key.private  Optionnal : Key to use for authentification to bind server"
+	echo "  -d              Debug mode"
+}
+
+DEBUG=0
+ZONE=""
+SRV="$DEFAULT_SRV"
+RECORD=""
+KEY=""
+REVERSE=0
+while getopts ":z:s:r:k:Rhd" opt
+do
+        case "$opt" in
+                d)
+                        DEBUG=1
+                ;;
+                z)
+                        ZONE="$OPTARG"
+                ;;
+                s)
+                        SRV="$OPTARG"
+                ;;
+                r)
+                        RECORD="$OPTARG"
+                ;;
+                k)
+                        KEY="$OPTARG"
+                ;;
+		R)
+			REVERSE=1
+		;;
+		h)
+			usage
+			exit 0
+		;;
+                *)
+			echo "UNKNOWN : Unknown parameter '$opt'"
+			usage
+                        exit 3
+                ;;
+        esac
+done
+
+[ -z "$ZONE" ] && echo "UNKNOWN : You must provide DNS zone" && usage && exit 3
+
+if [ -z "$RECORD" ]
+then
+	if [ $REVERSE -eq 0 ]
+	then
+		RECORD=$DEFAULT_RECORD_FORWARD
+	else
+		echo "UNKNOWN : In reverse mode, you must provide full reverse record to use using -r parameter."
+		usage
+		exit 3
+	fi
+fi
+
+function debug() {
+	[ $DEBUG -eq 1 ] && echo -e "$@"
+}
+
+TMP=$( mktemp )
+LOG=$( mktemp )
+
+debug "Use temporary file $TMP"
+debug "Use log file $LOG"
+
+VALUE="${RECORD}-$( date +%s )"
+debug "Temporary TXT value : '$VALUE'"
+
+if [ $REVERSE -eq 0 ]
+then
+	RECORD="${RECORD}.${ZONE}."
+else
+	RECORD="${RECORD}."
+fi
+
+echo "server $SRV
+zone $ZONE
+update delete ${RECORD} TXT
+update add ${RECORD} 180 TXT $VALUE
+show
+send" > $TMP
+
+debug "Test file :\n$( cat $TMP )"
+
+KEY_ARG=""
+[ -n "$KEY" ] && KEY_ARG="-k '$KEY'"
+
+nsupdate $KEY_ARG -v $TMP > $LOG 2>&1
+RES=$( cat $LOG )
+RET=$?
+
+
+debug "nsupdate result :\n$RES"
+
+[ $RET -ne 0 ] && echo -e "CRITICAL : nsupdate command return $RET\n\n$RES" && exit 2
+
+HOST_VALUE=$( host -t TXT $RECORD $SRV|grep 'descriptive text'|head -n1|sed 's/^.* descriptive text "\([^"]*\)"$/\1/' )
+
+debug "Host value : $HOST_VALUE"
+
+debug "Clean ..."
+echo "server $SRV
+zone $ZONE
+update delete ${RECORD} TXT
+show
+send" > $TMP
+
+nsupdate $KEY_ARG -v $TMP > $LOG 2>&1
+RES=$( cat $LOG )
+RET=$?
+
+debug "Clean result (return $RET) :\n$RES"
+
+debug "Remove temporary file $TMP"
+rm -f "$TMP"
+
+if [ "$HOST_VALUE" == "$VALUE" ]
+then
+	echo "OK - nsupdate check success"
+	exit 0
+else
+	echo "CRITICAL - nsupdate change done but resolved value differ to put value"
+	echo "Put value : $VALUE"
+	echo "Resolved value : $HOST_VALUE"
+	exit 2
+fi