-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcheck_noroutehostgateway
116 lines (97 loc) · 3.86 KB
/
check_noroutehostgateway
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
#!/usr/bin/env python3
#-------------------------------------------------------------------------------
import sys
import os
import argparse
import subprocess
import concurrent.futures
import ipaddress
#-------------------------------------------------------------------------------
_candebug = False
def candebug():
global _candebug
return _candebug
def setcandebug(value):
global _candebug
_candebug = value
def infomsg(msg):
if candebug() == True:
print(msg, flush=True)
def exitnagios(status,message):
if status=="OK":
exitcode = 0
elif status=="WARNING":
exitcode = 1
elif status=="CRITICAL":
exitcode = 2
elif status=="UNKNOWN":
exitcode = 3
else:
exitcode = 4
print(status+": "+message, flush=True)
sys.exit(exitcode)
#-------------------------------------------------------------------------------
def checkifaddress(test):
converted = None
try:
converted = ipaddress.ip_address(test)
except:
pass
return (converted != None)
def donoroutehostgatewaycall(protocol,whitelist):
cmdline = ["/usr/bin/ip",protocol,"route"]
infomsg(cmdline)
completedproc = subprocess.run(cmdline,capture_output=True)
output = completedproc.stdout.decode("utf-8")
errors = completedproc.stderr.decode("utf-8")
exitcode = completedproc.returncode
if exitcode!=0:
return [protocol+": cannot read routes table"]
exclusion = []
for item in whitelist.lower().split(","):
exclusion.append(item.split("/"))
errormsgs = []
for line in output.strip().splitlines():
if line.startswith(" ") == False:
parts = line.split()
if (len(parts)>0) and (checkifaddress(parts[0]) == True):
infomsg("found address: "+str(parts))
if parts[len(parts)-1].lower() != "linkdown":
infomsg("found candidate: "+str(parts))
if len(parts)>1 and parts[1].lower() == "via":
infomsg("checking if this is an exception: "+str(parts))
exception = False
for item in exclusion:
if len(item)>0 and item[0]==parts[0]:
if len(item)>1:
if item[1]==parts[2]:
if len(item)>2:
if item[2]==parts[4]:
exception = True
else:
exception = True
else:
exception = True
if exception == False:
errormsgs.append(protocol+": found UGH route "+parts[0]+"/"+parts[2]+"/"+parts[4])
return errormsgs
#-------------------------------------------------------------------------------
def parse_args():
parser = argparse.ArgumentParser()
parser.add_argument("-l", "--whitelist", action="store", dest="whitelist", default="", help="routes to whitelist")
parser.add_argument("-®", "--debug", action="store_true", dest="debug", default=False, help="be more verbose")
args = parser.parse_args()
return args
def main():
args = parse_args()
setcandebug(args.debug)
errormsgs = []
errormsgs = errormsgs + donoroutehostgatewaycall("-4",args.whitelist)
errormsgs = errormsgs + donoroutehostgatewaycall("-6",args.whitelist)
if len(errormsgs)==0:
exitnagios("OK","routes table looks normal")
else:
exitnagios("CRITICAL",str(errormsgs))
if __name__ == "__main__":
main()
#-------------------------------------------------------------------------------