
Pb exécution plugin perl


  • boblemarin
    replied
    Voici un plugin qui vérifie les ports des switchs et retourne la liste des ports bloqués par port security :

    Code:
      #! /usr/bin/perl -w
    
    use strict;
    use Net::SNMP;
    use Getopt::Long;
    
    
    use utils qw(%ERRORS $TIMEOUT);
    
    # OIDs polled by this plugin.  Each one is used further down as the base
    # of a table walk (get_table).

    # 5000 (CISCO-STACK-MIB)
    my $modIndexoid = '1.3.6.1.4.1.9.5.1.3.1.1.1';
    my $modNumPortoid = '1.3.6.1.4.1.9.5.1.3.1.1.14';
    my $AdmStaoid = '1.3.6.1.4.1.9.5.1.10.1.1.3';
    my $OpeStaoid = '1.3.6.1.4.1.9.5.1.10.1.1.4';

    # 2924 (CISCO-C2900-MIB)
    my $PortUsaoid = '1.3.6.1.4.1.9.9.87.1.4.1.1.3';
    my $PortAddrSecoid = '1.3.6.1.4.1.9.9.87.1.4.1.1.12';

    # 2960 (CISCO-PORT-SECURITY-MIB)
    my $SecEnaoid = '1.3.6.1.4.1.9.9.315.1.2.1.1.1';
    my $SecStaoid = '1.3.6.1.4.1.9.9.315.1.2.1.1.2';


    # State labels for the 5000, 6500 and LS; WARNING: the indices differ
    # between device families.  None of the three arrays is referenced by the
    # rest of this script.
    my @C5000_etat = ("","UNKNOWN","OK","WARNING","CRITICAL");
    my @C6500_etat = ("","NORMAL","WARNING","CRITICAL","SHUTDOWN","NOT-PRESENT","NOT-FUNCTIONING");
    my @LS_etat = ("","UNKNOWN","OK","FAULT","FAN-ALARM","PARTIAL-FAULT","EMPTY");

    # Globals
    my $Version='0';

    my $o_host = 	undef; 		# hostname (-H)
    my $o_community = undef; 	# SNMP v1/v2c community string (-C)
    my $o_port = 	161; 		# SNMP port; no command-line option is bound to it
    my $o_help=	undef; 		# help requested; no option in check_options sets it
    #my $o_verb=	undef;		# verbose mode
    my $o_version=	undef;		# print version (-V)
    my $o_timeout=  undef; 		# timeout (-t); check_options falls back to 1 when unset
    my $o_perf=     undef;          # output performance data (not used in this script)
    my $o_version2= undef;          # use SNMP v2c (-2)

    # SNMPv3 specific
    # NOTE(review): md5 and des are legacy algorithms; Net::SNMP also accepts
    # 'sha' and 'aes', which can be selected with -L where the device supports
    # them.
    my $o_login=	undef;		# login for SNMPv3 (-l)
    my $o_passwd=	undef;		# authentication password for SNMPv3 (-x)
    my $v3protocols=undef;	        # "<authproto>,<privproto>" list (-L)
    my $o_authproto='md5';		# authentication protocol (default)
    my $o_privproto='des';		# privacy protocol (default)
    my $o_privpass= undef;		# privacy password (-X)
    
    
    #Fonctions
    # Print the plugin name and version on standard output.
    sub p_version {
        my $banner = "check_snmp_env5000 version : $Version\n";
        print $banner;
    }
    
    # Print the one-line command synopsis on standard output.
    sub print_usage {
        my $synopsis = "Usage: $0 [-v] -H <host> -C <snmp_community> [-2] | (-l login -x passwd [-X pass -L <authp>,<privp>]) \n";
        print $synopsis;
    }
    
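    # Parse the command line into the $o_* globals and validate the
    # combination of SNMP credentials.  Every rejection prints a message and
    # exits with the Nagios UNKNOWN status; on success the sub just returns.
    #
    # NOTE(review): -C, -x and -X put the community string and the SNMPv3
    # passphrases on the command line, where they show up in the process list
    # and in the Nagios command definition.
    sub check_options {
        Getopt::Long::Configure("bundling");
        my $parsed = GetOptions(
            'h'   => \$o_help,      'help'        => \$o_help,
            'H:s' => \$o_host,      'hostname:s'  => \$o_host,
            'C:s' => \$o_community, 'community:s' => \$o_community,
            'l:s' => \$o_login,     'login:s'     => \$o_login,
            'x:s' => \$o_passwd,    'passwd:s'    => \$o_passwd,
            'X:s' => \$o_privpass,  'privpass:s'  => \$o_privpass,
            'L:s' => \$v3protocols, 'protocols:s' => \$v3protocols,
            't:i' => \$o_timeout,   'timeout:i'   => \$o_timeout,
            'V'   => \$o_version,   'version'     => \$o_version,
            '2'   => \$o_version2,  'v2c'         => \$o_version2,
        );

        # GetOptions returns false on an unknown or malformed option; do not
        # run a check with a half-parsed command line.
        if (!$parsed) { print_usage(); exit $ERRORS{"UNKNOWN"}; }

        # Basic checks.  No help() sub exists in this script, so the usage
        # line is what -h/--help shows.
        if (defined($o_help))    { print_usage(); exit $ERRORS{"UNKNOWN"}; }
        if (defined($o_version)) { p_version();   exit $ERRORS{"UNKNOWN"}; }

        # 'H:s' makes the value optional, so an empty host is rejected too.
        if (!defined($o_host) || $o_host eq '') {
            print_usage();
            exit $ERRORS{"UNKNOWN"};
        }

        # No timeout given: set one.
        $o_timeout = '1' if !defined($o_timeout);

        # SNMP credentials: either a community (v1/v2c) or login + password (v3).
        if (!defined($o_community) && (!defined($o_login) || !defined($o_passwd))) {
            print "Put snmp login info!\n";
            print_usage();
            exit $ERRORS{"UNKNOWN"};
        }
        # v3 credentials must not be mixed with v1/v2c options.
        if ((defined($o_login) || defined($o_passwd))
            && (defined($o_community) || defined($o_version2))) {
            print "He gamin melange pas snmp v1,2c,3 !!!\n";
            print_usage();
            exit $ERRORS{"UNKNOWN"};
        }

        if (defined($v3protocols)) {
            if (!defined($o_login)) {
                print "Put snmp V3 login info with protocols!\n";
                print_usage();
                exit $ERRORS{"UNKNOWN"};
            }
            my @v3proto = split(/,/, $v3protocols);
            # First field: authentication protocol; second: privacy protocol.
            if (defined($v3proto[0]) && $v3proto[0] ne "") { $o_authproto = $v3proto[0]; }
            if (defined($v3proto[1])) { $o_privproto = $v3proto[1]; }
            # A privacy protocol is useless without its passphrase.
            if (defined($v3proto[1]) && !defined($o_privpass)) {
                print "Put snmp V3 priv login info with priv protocols!\n";
                print_usage();
                exit $ERRORS{"UNKNOWN"};
            }
        }
    }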
    
    ##MAIN
    
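    check_options();

    ### SNMP connection
    # The argument list is built once and handed to a single
    # Net::SNMP->session() call, whatever the SNMP version.
    my ($session, $error);
    my @session_args = (
        -hostname => $o_host,
        -port     => $o_port,
        -timeout  => $o_timeout,
    );
    if (defined($o_login) && defined($o_passwd)) {
        # SNMPv3: always authenticated; encrypted only when a privacy
        # passphrase was given (AuthPriv), otherwise AuthNoPriv.
        push @session_args,
            -version      => '3',
            -username     => $o_login,
            -authpassword => $o_passwd,
            -authprotocol => $o_authproto;
        if (defined($o_privpass)) {
            # No verb() call here: this script defines no such sub, and
            # calling it made every AuthPriv run die before the session
            # was opened.
            push @session_args,
                -privpassword => $o_privpass,
                -privprotocol => $o_privproto;
        }
    }
    elsif (defined($o_version2)) {
        # SNMPv2c: the community string is the only credential and is sent
        # unencrypted.
        push @session_args, -version => 2, -community => $o_community;
    }
    else {
        # SNMPv1 (no -version given): same cleartext community string.
        push @session_args, -community => $o_community;
    }
    ($session, $error) = Net::SNMP->session(@session_args);

    ###########

    if (!defined($session)) {
        printf("ERROR: %s.\n", $error);
        exit 1;
    }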
    
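    # Walk every table used by the supported families; a table the device
    # does not answer for comes back undefined, and the branches below use
    # that to guess the model.
    my $ModIndex    = $session->get_table(Baseoid => $modIndexoid);
    my $NombPortMod = $session->get_table(Baseoid => $modNumPortoid);
    my $AdmSta      = $session->get_table(Baseoid => $AdmStaoid);
    my $OpeSta      = $session->get_table(Baseoid => $OpeStaoid);

    my $PortSec2900 = $session->get_table(Baseoid => $PortUsaoid);
    my $NbViol2900  = $session->get_table(Baseoid => $PortAddrSecoid);

    my $PortSec2960 = $session->get_table(Baseoid => $SecEnaoid);
    my $NbViol2960  = $session->get_table(Baseoid => $SecStaoid);

    # Nothing could be read at all.  This must not exit 0: Nagios would show
    # the port-security check as OK while the switch is in fact unreachable
    # or refuses the credentials.
    if (   !defined($ModIndex)    && !defined($NombPortMod)
        && !defined($PortSec2900) && !defined($NbViol2900)
        && !defined($PortSec2960) && !defined($NbViol2960)) {
        printf("ERROR: %s.\n", $session->error);
        $session->close;
        exit $ERRORS{"UNKNOWN"};
    }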
    
    
    
    ## 5000: neither the 2960 nor the 2900 tables answered
    if (!(   defined($PortSec2960) || defined($NbViol2960)
          || defined($PortSec2900) || defined($NbViol2900))) {
        my $blocked = 0;
    #    print "5000";
        for my $key (sort keys %$ModIndex) {
            my $module     = $ModIndex->{$key};
            my $port_count = $NombPortMod->{"$modNumPortoid.$module"};

            # Modules reporting 0, 1 or 2 ports are skipped.
            next if $port_count == 0 || $port_count == 1 || $port_count == 2;

            for my $port (1 .. $port_count) {
                my $admin = $AdmSta->{"$AdmStaoid.$module.$port"};
                my $oper  = $OpeSta->{"$OpeStaoid.$module.$port"};

                # Admin status 1 together with operational status 2 is what
                # this script reports as a blocked port.
                next unless $admin == 1 && $oper == 2;
                print " $module/$port  ";
                $blocked = 1;
            }
        }
        # Exit status 0 (nothing blocked) or 1 (at least one port listed).
        print "Pas de ports bloqués" if $blocked == 0;
        exit $blocked;
    }
    
    ## 2960: neither the 2900 tables nor the 5000 status tables answered
    if (!(   defined($PortSec2900) || defined($NbViol2900)
          || defined($OpeSta)      || defined($AdmSta))) {
        my $blocked = 0;
     #   print "2960";
        # Ports 0/1 .. 0/24 are looked up under the indexes 10101 .. 10124.
        for my $port (1 .. 24) {
            my $index   = 10100 + $port;
            my $enabled = $PortSec2960->{"$SecEnaoid.$index"};
            my $status  = $NbViol2960->{"$SecStaoid.$index"};

            # Value 1 in the first table with value 3 in the second is what
            # this script reports as a blocked port.
            next unless $enabled == 1 && $status == 3;
            print " 0/$port  ";
            $blocked = 1;
        }

        # Exit status 0 (nothing blocked) or 1 (at least one port listed).
        print "Pas de ports bloqués" if $blocked == 0;
        exit $blocked;
    }
    
    ## 6500: the 2900 tables are absent, every other table answered
    if (   !(defined($PortSec2900) || defined($NbViol2900))
        && defined($PortSec2960) && defined($NbViol2960)
        && defined($ModIndex)    && defined($NombPortMod)
        && defined($AdmSta)      && defined($OpeSta)) {
        my $blocked = 0;
    #    print "6500";
        for my $key (sort keys %$ModIndex) {
            my $module     = $ModIndex->{$key};
            my $port_count = $NombPortMod->{"$modNumPortoid.$module"};

            # Modules reporting 0, 1 or 2 ports are skipped.
            next if $port_count == 0 || $port_count == 1 || $port_count == 2;

            for my $port (1 .. $port_count) {
                my $admin = $AdmSta->{"$AdmStaoid.$module.$port"};
                my $oper  = $OpeSta->{"$OpeStaoid.$module.$port"};

                # Admin status 1 together with operational status 2 is what
                # this script reports as a blocked port.
                next unless $admin == 1 && $oper == 2;
                print " $module/$port  ";
                $blocked = 1;
            }
        }
        # Exit status 0 (nothing blocked) or 1 (at least one port listed).
        print "Pas de ports bloqués" if $blocked == 0;
        exit $blocked;
    }
    
    
    
    ## 2924 -- still has some problems because the NbViol counter does not
    ## reset itself
    if (!(   defined($ModIndex)    || defined($NombPortMod)
          || defined($PortSec2960) || defined($NbViol2960))) {
        my $blocked = 0;
        print "2924";
        for my $port (1 .. 24) {
            my $usage      = $PortSec2900->{"$PortUsaoid.0.$port"};
            my $violations = $NbViol2900->{"$PortAddrSecoid.0.$port"};

            # Value 2 in the first table with a non-zero counter in the
            # second is what this script reports as a blocked port.
            next unless $usage == 2 && $violations > 0;
            print " 0/$port  ";
            $blocked = 1;
        }
        # Exit status 0 (nothing blocked) or 1 (at least one port listed).
        print "Pas de ports bloqués" if $blocked == 0;
        exit $blocked;
    }

    # None of the model tests matched: report UNKNOWN (3) to Nagios.
    print "Switch non supporté";
    exit 3;

    Voilà pour mes productions ; elles sont orientées vers du matériel Cisco.



  • boblemarin
    replied
    Un plugin qui récupère l'état des alim et ventilos de switch cisco 5000, 6500 ou ls1010:

    Code:
      #! /usr/bin/perl -w
    
    use strict;
    use Net::SNMP;
    use Getopt::Long;
    
    use utils qw(%ERRORS $TIMEOUT);
    
    # OIDs polled by this plugin: one power-supply pair and one fan status
    # per supported family, each fetched with get_request further down.
    # 5000
    my $PS1status5 = '1.3.6.1.4.1.9.5.1.2.4.0';
    my $PS2status5 = '1.3.6.1.4.1.9.5.1.2.7.0';
    my $FANstatus5 = '1.3.6.1.4.1.9.5.1.2.9.0';

    # 6500
    my $FANstatus6 = '1.3.6.1.4.1.9.9.13.1.4.1.3.1';
    my $PS1status6 = '1.3.6.1.4.1.9.9.13.1.5.1.3.1';
    my $PS2status6 = '1.3.6.1.4.1.9.9.13.1.5.1.3.2';

    # LS1010
    my $FANstatusLS = '1.3.6.1.4.1.9.5.11.1.1.11.0';
    my $PS1statusLS = '1.3.6.1.4.1.9.5.11.1.1.5.0';
    my $PS2statusLS = '1.3.6.1.4.1.9.5.11.1.1.9.0';


    # Values read from the device (fan, power supply 1, power supply 2);
    # filled in by whichever family branch runs.
    my $FAN = "";
    my $PS1 = "";
    my $PS2 = "";


    # State labels, indexed by the value the device returns.  WARNING: the
    # indices differ between device families.
    my @C5000_etat = ("","UNKNOWN","OK","WARNING","CRITICAL");
    my @C6500_etat = ("","NORMAL","WARNING","CRITICAL","SHUTDOWN","NOT-PRESENT","NOT-FUNCTIONING");
    my @LS_etat = ("","UNKNOWN","OK","FAULT","FAN-ALARM","PARTIAL-FAULT","EMPTY");

    # Globals
    my $Version='0';

    my $o_host = 	undef; 		# hostname (-H)
    my $o_community = undef; 	# SNMP v1/v2c community string (-C)
    my $o_port = 	161; 		# SNMP port; no command-line option is bound to it
    my $o_help=	undef; 		# help requested; no option in check_options sets it
    #my $o_verb=	undef;		# verbose mode
    my $o_version=	undef;		# print version (-V)
    my $o_timeout=  undef; 		# timeout (-t); check_options falls back to 1 when unset
    my $o_perf=     undef;          # output performance data (not used in this script)
    my $o_version2= undef;          # use SNMP v2c (-2)

    # SNMPv3 specific
    # NOTE(review): md5 and des are legacy algorithms; Net::SNMP also accepts
    # 'sha' and 'aes', which can be selected with -L where the device supports
    # them.
    my $o_login=	undef;		# login for SNMPv3 (-l)
    my $o_passwd=	undef;		# authentication password for SNMPv3 (-x)
    my $v3protocols=undef;	        # "<authproto>,<privproto>" list (-L)
    my $o_authproto='md5';		# authentication protocol (default)
    my $o_privproto='des';		# privacy protocol (default)
    my $o_privpass= undef;		# privacy password (-X)
    
    
    #Fonctions
    # Print the plugin name and version on standard output.
    sub p_version {
        my $banner = "check_snmp_env5000 version : $Version\n";
        print $banner;
    }
    
    # Print the one-line command synopsis on standard output.
    sub print_usage {
        my $synopsis = "Usage: $0 [-v] -H <host> -C <snmp_community> [-2] | (-l login -x passwd [-X pass -L <authp>,<privp>]) \n";
        print $synopsis;
    }
    
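    # Parse the command line into the $o_* globals and validate the
    # combination of SNMP credentials.  Every rejection prints a message and
    # exits with the Nagios UNKNOWN status; on success the sub just returns.
    #
    # NOTE(review): -C, -x and -X put the community string and the SNMPv3
    # passphrases on the command line, where they show up in the process list
    # and in the Nagios command definition.
    sub check_options {
        Getopt::Long::Configure("bundling");
        my $parsed = GetOptions(
            'h'   => \$o_help,      'help'        => \$o_help,
            'H:s' => \$o_host,      'hostname:s'  => \$o_host,
            'C:s' => \$o_community, 'community:s' => \$o_community,
            'l:s' => \$o_login,     'login:s'     => \$o_login,
            'x:s' => \$o_passwd,    'passwd:s'    => \$o_passwd,
            'X:s' => \$o_privpass,  'privpass:s'  => \$o_privpass,
            'L:s' => \$v3protocols, 'protocols:s' => \$v3protocols,
            't:i' => \$o_timeout,   'timeout:i'   => \$o_timeout,
            'V'   => \$o_version,   'version'     => \$o_version,
            '2'   => \$o_version2,  'v2c'         => \$o_version2,
        );

        # GetOptions returns false on an unknown or malformed option; do not
        # run a check with a half-parsed command line.
        if (!$parsed) { print_usage(); exit $ERRORS{"UNKNOWN"}; }

        # Basic checks.  No help() sub exists in this script, so the usage
        # line is what -h/--help shows.
        if (defined($o_help))    { print_usage(); exit $ERRORS{"UNKNOWN"}; }
        if (defined($o_version)) { p_version();   exit $ERRORS{"UNKNOWN"}; }

        # 'H:s' makes the value optional, so an empty host is rejected too.
        if (!defined($o_host) || $o_host eq '') {
            print_usage();
            exit $ERRORS{"UNKNOWN"};
        }

        # No timeout given: set one.
        $o_timeout = '1' if !defined($o_timeout);

        # SNMP credentials: either a community (v1/v2c) or login + password (v3).
        if (!defined($o_community) && (!defined($o_login) || !defined($o_passwd))) {
            print "Put snmp login info!\n";
            print_usage();
            exit $ERRORS{"UNKNOWN"};
        }
        # v3 credentials must not be mixed with v1/v2c options.
        if ((defined($o_login) || defined($o_passwd))
            && (defined($o_community) || defined($o_version2))) {
            print "He gamin melange pas snmp v1,2c,3 !!!\n";
            print_usage();
            exit $ERRORS{"UNKNOWN"};
        }

        if (defined($v3protocols)) {
            if (!defined($o_login)) {
                print "Put snmp V3 login info with protocols!\n";
                print_usage();
                exit $ERRORS{"UNKNOWN"};
            }
            my @v3proto = split(/,/, $v3protocols);
            # First field: authentication protocol; second: privacy protocol.
            if (defined($v3proto[0]) && $v3proto[0] ne "") { $o_authproto = $v3proto[0]; }
            if (defined($v3proto[1])) { $o_privproto = $v3proto[1]; }
            # A privacy protocol is useless without its passphrase.
            if (defined($v3proto[1]) && !defined($o_privpass)) {
                print "Put snmp V3 priv login info with priv protocols!\n";
                print_usage();
                exit $ERRORS{"UNKNOWN"};
            }
        }
    }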
    
    ##MAIN
    
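    check_options();

    ### SNMP connection
    # The argument list is built once and handed to a single
    # Net::SNMP->session() call, whatever the SNMP version.
    my ($session, $error);
    my @session_args = (
        -hostname => $o_host,
        -port     => $o_port,
        -timeout  => $o_timeout,
    );
    if (defined($o_login) && defined($o_passwd)) {
        # SNMPv3: always authenticated; encrypted only when a privacy
        # passphrase was given (AuthPriv), otherwise AuthNoPriv.
        push @session_args,
            -version      => '3',
            -username     => $o_login,
            -authpassword => $o_passwd,
            -authprotocol => $o_authproto;
        if (defined($o_privpass)) {
            # No verb() call here: this script defines no such sub, and
            # calling it made every AuthPriv run die before the session
            # was opened.
            push @session_args,
                -privpassword => $o_privpass,
                -privprotocol => $o_privproto;
        }
    }
    elsif (defined($o_version2)) {
        # SNMPv2c: the community string is the only credential and is sent
        # unencrypted.
        push @session_args, -version => 2, -community => $o_community;
    }
    else {
        # SNMPv1 (no -version given): same cleartext community string.
        push @session_args, -community => $o_community;
    }
    ($session, $error) = Net::SNMP->session(@session_args);

    ###########

    if (!defined($session)) {
        printf("ERROR: %s.\n", $error);
        exit 1;
    }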
    # Fetch the three status values of each family; a request the device
    # rejects comes back undefined.
    my $resultLS = $session->get_request(
        -varbindlist => [ $PS1statusLS, $PS2statusLS, $FANstatusLS ],
    );
    my $result5 = $session->get_request(
        -varbindlist => [ $PS1status5, $PS2status5, $FANstatus5 ],
    );
    my $result6 = $session->get_request(
        -varbindlist => [ $PS1status6, $PS2status6, $FANstatus6 ],
    );


    # No request succeeded: leave with WARNING (exit status 1).
    unless (defined($result5) || defined($result6) || defined($resultLS)) {
        printf("ERROR: %s.\n", $session->error);
        $session->close;
        exit 1;
    }
    
    
    ## LS1010: neither the 5000 nor the 6500 request answered
    if (!(defined($result5) || defined($result6))) {
        $FAN = $resultLS->{$FANstatusLS};
        $PS1 = $resultLS->{$PS1statusLS};
        $PS2 = $resultLS->{$PS2statusLS};
        print "RACK VENTILO: $LS_etat[$FAN],  ALIM1: $LS_etat[$PS1],  ALIM2: $LS_etat[$PS2]\n";

        my @status = ($FAN, $PS1, $PS2);
        # FAULT on any of the three: CRITICAL for Nagios.
        exit 2 if grep { $_ == 3 } @status;
        # FAN-ALARM or PARTIAL-FAULT on any of the three: WARNING.
        exit 1 if grep { $_ == 4 || $_ == 5 } @status;
        # Fan OK and at least one power supply OK: OK.
        exit 0 if $FAN == 2 && ($PS1 == 2 || $PS2 == 2);
        # Any other combination is unexpected: UNKNOWN.
        exit 3;
    }

    ## C5000: neither the LS1010 nor the 6500 request answered
    elsif (!(defined($resultLS) || defined($result6))) {
        $FAN = $result5->{$FANstatus5};
        $PS1 = $result5->{$PS1status5};
        $PS2 = $result5->{$PS2status5};
        print "RACK VENTILO: $C5000_etat[$FAN],  ALIM1: $C5000_etat[$PS1],  ALIM2: $C5000_etat[$PS2]\n";

        my @status = ($FAN, $PS1, $PS2);
        # Major fault on any of the three: CRITICAL for Nagios.
        exit 2 if grep { $_ == 4 } @status;
        # Minor fault on any of the three: WARNING.
        exit 1 if grep { $_ == 3 } @status;
        # Fan OK and at least one power supply OK: OK.
        exit 0 if $FAN == 2 && ($PS1 == 2 || $PS2 == 2);
        # Any other combination is unexpected: UNKNOWN.
        exit 3;
    }

    ## C6500: every remaining case
    else {
        $FAN = $result6->{$FANstatus6};
        $PS1 = $result6->{$PS1status6};
        $PS2 = $result6->{$PS2status6};
        print "RACK VENTILO: $C6500_etat[$FAN],  ALIM1: $C6500_etat[$PS1],  ALIM2: $C6500_etat[$PS2]\n";

        my @status = ($FAN, $PS1, $PS2);
        # CRITICAL on any of the three: CRITICAL for Nagios.
        exit 2 if grep { $_ == 3 } @status;
        # WARNING or NOT-FUNCTIONING on any of the three: WARNING.
        exit 1 if grep { $_ == 2 || $_ == 6 } @status;
        # Fan OK and at least one power supply OK: OK.
        exit 0 if $FAN == 1 && ($PS1 == 1 || $PS2 == 1);
        # Any other combination is unexpected: UNKNOWN.
        exit 3;
    }



  • boblemarin
    replied
    Salut,
    Voici mes petites productions, je me suis basé sur le code d'un plugin mis en ligne sur le site de manubulon.
    Le code n'est sans doute pas optimisé (je débute en Perl) et il est peu commenté.

    Voici le plugin qui pose problème (son but est de détecter et de lister les ports des switchs n'ayant pas port security activé, tout en tenant compte d'une liste d'exceptions). Plus précisément, c'est la fonction lecture qui me renvoie l'erreur suivante : « Aucun fichier ou répertoire de ce type at (eval 1) line 108 », alors que lorsque je lance ce plugin via le shell je n'ai aucun souci...

    Code:
       #! /usr/bin/perl -w
    
    use strict;
    use Net::SNMP;
    use Getopt::Long;
    
    
    use utils qw(%ERRORS $TIMEOUT);
    
    # OIDs polled by this plugin.  Each one is used further down as the base
    # of a table walk (get_table).

    # 5000 (CISCO-STACK-MIB)
    my $modIndexoid = '1.3.6.1.4.1.9.5.1.3.1.1.1';
    my $modNumPortoid = '1.3.6.1.4.1.9.5.1.3.1.1.14';
    my $AdmStaoid = '1.3.6.1.4.1.9.5.1.10.1.1.3';
    my $ViolPoloid = '1.3.6.1.4.1.9.5.1.10.1.1.10';

    # 2900 (CISCO-C2900-MIB)
    my $PortUsaoid = '1.3.6.1.4.1.9.9.87.1.4.1.1.3';
    my $ViolAct2900oid = '1.3.6.1.4.1.9.9.87.1.4.1.1.26';

    # 2960 (CISCO-PORT-SECURITY-MIB)
    my $SecEnaoid = '1.3.6.1.4.1.9.9.315.1.2.1.1.1';
    my $ViolActoid = '1.3.6.1.4.1.9.9.315.1.2.1.1.8';


    # State labels for the 5000, 6500 and LS; WARNING: the indices differ
    # between device families.  None of the three arrays is referenced by the
    # rest of this script.
    my @C5000_etat = ("","UNKNOWN","OK","WARNING","CRITICAL");
    my @C6500_etat = ("","NORMAL","WARNING","CRITICAL","SHUTDOWN","NOT-PRESENT","NOT-FUNCTIONING");
    my @LS_etat = ("","UNKNOWN","OK","FAULT","FAN-ALARM","PARTIAL-FAULT","EMPTY");

    # File listing the ports that are deliberately left unsecured.
    # A relative path is resolved against the working directory of the
    # process that runs the plugin, not against the plugin's own directory.
    # NOTE(review): this is the likely reason the open in lecture() fails
    # with "no such file" under Nagios while it works from the shell; an
    # absolute path avoids it -- confirm against the daemon's working directory.

    my $exep = "./test";
    # `= undef` yields a one-element list holding undef, not an empty array;
    # lecture() overwrites @lect before it is read.
    my @lect = undef;

    # Globals
    my $Version='0';

    my $o_host = 	undef; 		# hostname (-H)
    my $o_community = undef; 	# SNMP v1/v2c community string (-C)
    my $o_group = 	undef; 		# hostgroup (-G); compared with C2900, C2960, C5000, C6500
    my $o_port = 	161; 		# SNMP port; no command-line option is bound to it
    my $o_help=	undef; 		# help requested; no option in check_options sets it
    #my $o_verb=	undef;		# verbose mode
    my $o_version=	undef;		# print version (-V)
    my $o_timeout=  undef; 		# timeout (-t); check_options falls back to 1 when unset
    my $o_perf=     undef;          # output performance data (not used in this script)
    my $o_version2= undef;          # use SNMP v2c (-2)

    # SNMPv3 specific
    # NOTE(review): md5 and des are legacy algorithms; Net::SNMP also accepts
    # 'sha' and 'aes', which can be selected with -L where the device supports
    # them.
    my $o_login=	undef;		# login for SNMPv3 (-l)
    my $o_passwd=	undef;		# authentication password for SNMPv3 (-x)
    my $v3protocols=undef;	        # "<authproto>,<privproto>" list (-L)
    my $o_authproto='md5';		# authentication protocol (default)
    my $o_privproto='des';		# privacy protocol (default)
    my $o_privpass= undef;		# privacy password (-X)
    
    
    #Fonctions
    # Print the plugin name and version on standard output.
    sub p_version {
        my $banner = "check_snmp_env5000 version : $Version\n";
        print $banner;
    }
    
    # Print the one-line command synopsis on standard output.
    sub print_usage {
        my $synopsis = "Usage: $0 [-v] -H <host> -C <snmp_community> -G <hostgroup> [-2] | (-l login -x passwd [-X pass -L <authp>,<privp>]) \n";
        print $synopsis;
    }
    
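    # Parse the command line into the $o_* globals and validate the
    # combination of SNMP credentials.  Every rejection prints a message and
    # exits with the Nagios UNKNOWN status; on success the sub just returns.
    #
    # NOTE(review): -C, -x and -X put the community string and the SNMPv3
    # passphrases on the command line, where they show up in the process list
    # and in the Nagios command definition.
    sub check_options {
        Getopt::Long::Configure("bundling");
        my $parsed = GetOptions(
            'h'   => \$o_help,      'help'        => \$o_help,
            'H:s' => \$o_host,      'hostname:s'  => \$o_host,
            'C:s' => \$o_community, 'community:s' => \$o_community,
            'G:s' => \$o_group,     'group:s'     => \$o_group,
            'l:s' => \$o_login,     'login:s'     => \$o_login,
            'x:s' => \$o_passwd,    'passwd:s'    => \$o_passwd,
            'X:s' => \$o_privpass,  'privpass:s'  => \$o_privpass,
            'L:s' => \$v3protocols, 'protocols:s' => \$v3protocols,
            't:i' => \$o_timeout,   'timeout:i'   => \$o_timeout,
            'V'   => \$o_version,   'version'     => \$o_version,
            '2'   => \$o_version2,  'v2c'         => \$o_version2,
        );

        # GetOptions returns false on an unknown or malformed option; do not
        # run a check with a half-parsed command line.
        if (!$parsed) { print_usage(); exit $ERRORS{"UNKNOWN"}; }

        # Basic checks.  No help() sub exists in this script, so the usage
        # line is what -h/--help shows.
        if (defined($o_help))    { print_usage(); exit $ERRORS{"UNKNOWN"}; }
        if (defined($o_version)) { p_version();   exit $ERRORS{"UNKNOWN"}; }

        # Host and hostgroup are both mandatory.  'H:s' makes the value
        # optional, so an empty host is rejected too.
        if (!defined($o_host) || $o_host eq '' || !defined($o_group)) {
            print_usage();
            exit $ERRORS{"UNKNOWN"};
        }

        # No timeout given: set one.
        $o_timeout = '1' if !defined($o_timeout);

        # SNMP credentials: either a community (v1/v2c) or login + password (v3).
        if (!defined($o_community) && (!defined($o_login) || !defined($o_passwd))) {
            print "Put snmp login info!\n";
            print_usage();
            exit $ERRORS{"UNKNOWN"};
        }
        # v3 credentials must not be mixed with v1/v2c options.
        if ((defined($o_login) || defined($o_passwd))
            && (defined($o_community) || defined($o_version2))) {
            print "He gamin melange pas snmp v1,2c,3 !!!\n";
            print_usage();
            exit $ERRORS{"UNKNOWN"};
        }

        if (defined($v3protocols)) {
            if (!defined($o_login)) {
                print "Put snmp V3 login info with protocols!\n";
                print_usage();
                exit $ERRORS{"UNKNOWN"};
            }
            my @v3proto = split(/,/, $v3protocols);
            # First field: authentication protocol; second: privacy protocol.
            if (defined($v3proto[0]) && $v3proto[0] ne "") { $o_authproto = $v3proto[0]; }
            if (defined($v3proto[1])) { $o_privproto = $v3proto[1]; }
            # A privacy protocol is useless without its passphrase.
            if (defined($v3proto[1]) && !defined($o_privpass)) {
                print "Put snmp V3 priv login info with priv protocols!\n";
                print_usage();
                exit $ERRORS{"UNKNOWN"};
            }
        }
    }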
    
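    # Load the exception file named by $exep into @lect, one chomped line
    # per element.  Dies when the file cannot be opened.
    sub lecture {
        # Three-argument open with a lexical handle: the mode is explicit, so
        # the file name can never be read as a mode or a pipe should $exep
        # one day come from the command line or a configuration file.
        # $exep is a relative path, so it is looked up in the working
        # directory of the calling process (see the declaration of $exep).
        open(my $in, '<', $exep)
            or die "impossible de lire le fichier d'exeptions, erreur: $!";
        @lect = <$in>;
        chomp @lect;
        close $in;
    }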
    
    ##MAIN
    
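    check_options();

    ### SNMP connection
    # The argument list is built once and handed to a single
    # Net::SNMP->session() call, whatever the SNMP version.
    my ($session, $error);
    my @session_args = (
        -hostname => $o_host,
        -port     => $o_port,
        -timeout  => $o_timeout,
    );
    if (defined($o_login) && defined($o_passwd)) {
        # SNMPv3: always authenticated; encrypted only when a privacy
        # passphrase was given (AuthPriv), otherwise AuthNoPriv.
        push @session_args,
            -version      => '3',
            -username     => $o_login,
            -authpassword => $o_passwd,
            -authprotocol => $o_authproto;
        if (defined($o_privpass)) {
            # No verb() call here: this script defines no such sub, and
            # calling it made every AuthPriv run die before the session
            # was opened.
            push @session_args,
                -privpassword => $o_privpass,
                -privprotocol => $o_privproto;
        }
    }
    elsif (defined($o_version2)) {
        # SNMPv2c: the community string is the only credential and is sent
        # unencrypted.
        push @session_args, -version => 2, -community => $o_community;
    }
    else {
        # SNMPv1 (no -version given): same cleartext community string.
        push @session_args, -community => $o_community;
    }
    ($session, $error) = Net::SNMP->session(@session_args);

    ###########

    if (!defined($session)) {
        printf("ERROR: %s.\n", $error);
        exit 1;
    }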
    
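    lecture();

    # Return true when $port ("module/port") is listed for $host in the
    # exception lines, whose format is "name |port,port,...".
    # Host and port are compared as whole strings, never as patterns:
    #   - the host given with -H is not interpreted as a regular expression,
    #     so "sw1" no longer matches the line of "sw10" and a "." in it is
    #     not a wildcard;
    #   - "0/1" no longer counts as exempt because "0/12" is listed.
    # Everything is passed as arguments; the sub reads no file-level lexical.
    sub _port_is_exempt {
        my ($lines, $host, $port) = @_;
        for my $line (@{$lines}) {
            next if !defined $line;
            my ($name, $ports) = split /\|/, $line, 2;
            next if !defined $name || !defined $ports;
            $name =~ s/^\s+|\s+$//g;
            next if lc($name) ne lc($host);
            for my $listed (split /,/, $ports) {
                $listed =~ s/^\s+|\s+$//g;
                return 1 if $listed eq $port;
            }
        }
        return 0;
    }

    # Leave with UNKNOWN when one of the tables needed for the decision
    # could not be read, instead of judging the ports on undefined values.
    sub _tables_or_unknown {
        my ($snmp, @tables) = @_;
        return if !grep { !defined } @tables;
        printf("ERROR: %s.\n", $snmp->error);
        $snmp->close;
        exit $ERRORS{"UNKNOWN"};
    }

    # In every branch below a port that fails the port-security test is
    # reported unless the exception file lists it for this host.  A switch
    # with no line in the exception file has no exemption, so all of its
    # unsecured ports are reported (previously nothing was reported at all
    # for such a switch, and once per matching line otherwise).

    ## 2900
    if ($o_group eq "C2900") {

        my $PortSec2900 = $session->get_table(Baseoid => $PortUsaoid);
        my $ViolAct2900 = $session->get_table(Baseoid => $ViolAct2900oid);
        _tables_or_unknown($session, $PortSec2900, $ViolAct2900);
        my $unsecured = 0;

        for my $i (1 .. 24) {
            my $Adm = $PortSec2900->{"$PortUsaoid.0.$i"};
            my $Act = $ViolAct2900->{"$ViolAct2900oid.0.$i"};

            # No row for this index: the switch has no such port.
            next if !defined $Adm || !defined $Act;
            next unless $Adm != 2 && $Act != 4;
            next if _port_is_exempt(\@lect, $o_host, "0/$i");

            print " 0/$i,";
            $unsecured = 1;
        }
        print "pas de ports non securisés" if $unsecured == 0;
        exit $unsecured;
    }

    ## 2960
    if ($o_group eq "C2960") {

        my $PortSec2960 = $session->get_table(Baseoid => $SecEnaoid);
        my $ViolAct2960 = $session->get_table(Baseoid => $ViolActoid);
        _tables_or_unknown($session, $PortSec2960, $ViolAct2960);
        my $unsecured = 0;

        # Ports 0/1 .. 0/24 are looked up under the indexes 10101 .. 10124.
        for my $i (1 .. 24) {
            my $index = 10100 + $i;
            my $Adm   = $PortSec2960->{"$SecEnaoid.$index"};
            my $Act   = $ViolAct2960->{"$ViolActoid.$index"};

            # No row for this index: the switch has no such port.
            next if !defined $Adm || !defined $Act;
            next unless $Adm != 1 && $Act != 1;
            next if _port_is_exempt(\@lect, $o_host, "0/$i");

            print " 0/$i,";
            $unsecured = 1;
        }

        print "Pas de ports non sécurisés" if $unsecured == 0;
        exit $unsecured;
    }

    ## 5000 and 6500
    if ($o_group eq "C5000" || $o_group eq "C6500") {

        my $ModIndex    = $session->get_table(Baseoid => $modIndexoid);
        my $NombPortMod = $session->get_table(Baseoid => $modNumPortoid);
        my $AdmSta      = $session->get_table(Baseoid => $AdmStaoid);
        my $ViolPol     = $session->get_table(Baseoid => $ViolPoloid);
        _tables_or_unknown($session, $ModIndex, $NombPortMod, $AdmSta, $ViolPol);
        my $unsecured = 0;

    #    print "6500";

        for my $key (sort keys %$ModIndex) {
            my $m  = $ModIndex->{$key};
            my $np = $NombPortMod->{"$modNumPortoid.$m"};

            # Modules reporting 0, 1 or 2 ports (or no count) are skipped.
            next unless defined $np && $np > 2;

            for my $i (1 .. $np) {
                my $Adm = $AdmSta->{"$AdmStaoid.$m.$i"};
                my $Act = $ViolPol->{"$ViolPoloid.$m.$i"};

                # No row for this module/port pair.
                next if !defined $Adm || !defined $Act;
                next unless $Adm != 1 && $Act != 2 && $Act != 1;
                next if _port_is_exempt(\@lect, $o_host, "$m/$i");

                print " $m/$i,";
                $unsecured = 1;
            }
        }
        print "Pas de ports non sécurisés" if $unsecured == 0;
        exit $unsecured;
    }

    # No branch ran: the -G value is none of C2900, C2960, C5000, C6500.
    # A bare exit here would report OK to Nagios without checking any port.
    print_usage();
    exit $ERRORS{"UNKNOWN"};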
    Le fichier d'exceptions (test) se présente de la sorte et se trouve pour le moment dans le même répertoire que le plugin :
    nom_équipement |numéros_de_port_faisant_exception

    c345_t |4/23,2/12,1/4

    Le plugin se lance en shell de la manière suivante

    ./monplugin.pl -H <nom de l'hôte> -C <communauté SNMP> -G <groupe du switch> (C2900, C2960, C5000 ou C6500). J'ai fait mes premiers tests avec la catégorie C2900.

    Si vous avez des idées pour mon souci concernant ce script je suis preneur :-D

    j'utilise Nagios 2.8 sous centos

    A+ Boblemarin
    Last edited by boblemarin; 26 April 2007, 09:33.



  • WAtt
    replied
    Tu as la possibilité de mettre ton plugin à dispo pour que l'on puisse également le tester ?

    En plus, ça pourrait être cool de les mettre à dispo de tout le monde (contrib power)



  • boblemarin
    started a topic Pb exécution plugin perl

    Pb exécution plugin perl

    Bonjour,

    Je développe des plugins en Perl afin de superviser des paramètres spécifiques sur des équipements réseau via SNMP.

    Je veux ici détecter la configuration de certains ports d'un switch en vérifiant au préalable, dans un fichier texte, si le port ne fait pas partie d'une liste d'exceptions.

    Pour que mon plugin lise ce fichier texte, j'utilise:


    Code:
    use Net::SNMP;
    use Getopt::Long;
    
    
    # Exception file.  The relative path is resolved against the working
    # directory of the process that runs the plugin, not against the
    # plugin's own directory.
    # NOTE(review): likely why the open fails once Nagios runs the plugin --
    # confirm against the daemon's working directory, or use an absolute path.
    my $exep = "./test";
    # `= undef` yields a one-element list holding undef, not an empty array;
    # lecture() overwrites @lect when it is called.
    my @lect = undef;
    
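    # Load the exception file named by $exep into @lect, one line per
    # element (line endings are kept).  Dies when the file cannot be opened.
    sub lecture {
        # Three-argument open with a lexical handle: the mode is explicit, so
        # the file name can never be read as a mode or a pipe should $exep
        # one day come from the command line or a configuration file.
        # $exep is a relative path, so it is looked up in the working
        # directory of the calling process.
        open(my $in, '<', $exep)
            or die "impossible de lire le fichier d'exeptions, erreur: $!";
        @lect = <$in>;
        close $in;

    }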


    Lorsque je teste mon plugin dans mon shell (./monplugin.pl), j'obtiens le résultat escompté...
    mais lorsque j'intègre ce plugin à Nagios et que ce dernier l'exécute, Nagios me retourne une erreur du style « le fichier n'existe pas » (je mettrai le message exact demain :-D )...

    Apparemment, l'instruction open n'est pas interprétée correctement par l'ePN de Nagios...

    Pour le moment j'ai remplacé ce sous-programme par du shell, mais bon, ce n'est pas très beau et, en termes de performance, ce n'est pas vraiment des plus efficaces.


    Si vous avez rencontré le même problème ou avez une solution, je suis preneur

    A+ boblemarin