[Mon-commit] mon-contrib/monitors/imap imap-ptp.monitor,NONE,1.1 imap-ssl.monitor,NONE,1.1 imap-star
From: David N. <vi...@us...> - 2005-08-20 15:21:07
Update of /cvsroot/mon/mon-contrib/monitors/imap In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20962 Added Files: imap-ptp.monitor imap-ssl.monitor imap-starttls.monitor Log Message: Adding monitor scripts for: IMAP with plain text password login IMAP over SSL IMAP w/ STARTTLS --- NEW FILE: imap-starttls.monitor --- #!/usr/bin/perl # # Try to connect to an IMAP server, and issue a STARTTLS command, and # wait for the right output. # # For use with "mon". # # Arguments are "-p port -t timeout host [host...]" # # Adapted from "imap.monitor" by # David Nolan, vi...@cm... # # Which in turn was adapted from 'http.monitor' by # Jim Trocki, tr...@tr... # # http.monitor was written by # # Jon Meek # American Cyanamid Company # Princeton, NJ # # # $Id: imap-starttls.monitor,v 1.1 2005/08/20 15:20:57 vitroth Exp $ # # Copyright (C) 1998, Jim Trocki # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # use Getopt::Std; use Net::SSLeay::Handle qw/shutdown/; use English; getopts ("p:t:"); $PORT = $opt_p || 143; $TIMEOUT = $opt_t || 30; @failures = (); foreach $host (@ARGV) { if (! 
&imapGET($host, $PORT)) { push (@failures, $host); } } if (@failures == 0) { exit 0; } print join (" ", sort @failures), "\n\n", join ("\n", @longerr), "\n"; exit 1; sub imapGET { use Socket; use IO::Socket::INET; use Sys::Hostname; use Symbol; my($Server, $Port) = @_; my($ServerOK, $TheContent); $ServerOK = 0; $TheContent = ''; $Path = '/'; ############################################################### eval { local $SIG{ALRM} = sub { die "Timeout Alarm" }; alarm $TIMEOUT; my $socket = gensym; # Necessary to allow $socket and $sslsocket to be used multiple times for my $sslsocket = gensym; # the Net::SSLeay::Handle tie $result = &OpenSocket($socket, $Server, $Port); # Open a connection to the server if ($result == 0) { # Failure to open the socket push @longerr, "$Server: Unable to connect"; return ''; } $in = <$socket>; if ($in !~ /^\* (OK|PREAUTH|BYE)/) { alarm 0; push @longerr, "$Server: No IMAP banner received"; return 0; } print $socket "A1 STARTTLS\r\n"; $in = <$socket>; if ($in !~ /^A1 OK/) { alarm 0; push @longerr, "$Server: STARTTLS request denied"; return 0; } tie(*$sslsocket, "Net::SSLeay::Handle", $socket); print $sslsocket "A1 LOGOUT\r\n"; while (defined($in=<$sslsocket>)) { if ($in =~ /^A1 OK/) { $ServerOK = 1; last; } } if (!$ServerOK) { push @longerr, "$Server: No response to logout, STARTTLS negotiation failed?"; } close($sslsocket); alarm 0; # Cancel the alarm }; if ($EVAL_ERROR and ($EVAL_ERROR =~ /^Timeout Alarm/)) { push @longerr, "$Server: **** Time Out\n"; return 0; } elsif ($EVAL_ERROR) { push @longerr, "$Server: $EVAL_ERROR"; return 0; } return $ServerOK; } sub OpenSocket { # # Make a Berkeley socket connection between this program and a TCP port # on another (or this) host. 
Port can be a number or a named service # local($socket, $OtherHostname, $Port) = @_; local($OurHostname, $sockaddr, $name, $aliases, $proto, $type, $len, $ThisAddr, $that); $OurHostname = &hostname; ($name, $aliases, $proto) = getprotobyname('tcp'); ($name, $aliases, $Port) = getservbyname($Port, 'tcp') unless $Port =~ /^\d+$/; ($name, $aliases, $type, $len, $ThisAddr) = gethostbyname($OurHostname); ($name, $aliases, $type, $len, $OtherHostAddr) = gethostbyname($OtherHostname); my $that = sockaddr_in ($Port, $OtherHostAddr); $result = socket($socket, &PF_INET, &SOCK_STREAM, $proto) || return undef; $result = connect($socket, $that) || return undef; select($socket); $| = 1; select(STDOUT); # set S to be un-buffered return 1; # success } --- NEW FILE: imap-ssl.monitor --- #!/usr/bin/perl # # Try to connect to an IMAP server, over SSL, and # wait for the right output. # # For use with "mon". # # Arguments are "[-p port] [-t timeout] [-w cert-expiration-warning-window ] host [host...]" # # Adapted from "imap.monitor" by # David Nolan, vi...@cm... # # Which in turn was adapted from 'http.monitor' by # Jim Trocki, tr...@tr... # # http.monitor was written by # # Jon Meek # American Cyanamid Company # Princeton, NJ # # $Id: imap-ssl.monitor,v 1.1 2005/08/20 15:20:57 vitroth Exp $ # # Copyright (C) 1998, Jim Trocki # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. 
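Review bot: In imap-starttls.monitor the `tie(*$sslsocket, "Net::SSLeay::Handle", $socket)` step is not accompanied by any verify mode or CA store in the listing, so the check appears to pass for any endpoint that completes a handshake and answers LOGOUT, whatever certificate it presents; imap-ssl.monitor's `tie(*S2, "Net::SSLeay::Handle", $Server, $Port)` looks the same apart from its optional date check. If that is intended for an availability probe, state it in the header, e.g. `# NOTE: the server certificate chain and hostname are not verified.` Separately, the connect-failure branch of imapGET does `return '';` without `alarm 0;`, which leaves the timer armed after the eval has restored the previous SIGALRM disposition; imap-ptp.monitor has the same branch.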
# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # use Getopt::Std; use Net::SSLeay::Handle qw/shutdown/; use English; use Time::ParseDate; getopts ("p:t:w:"); $PORT = $opt_p || 993; $TIMEOUT = $opt_t || 30; $EXPIREWARN = $opt_w ; # How long in advance to warn about cert expiration. 0 means don't warn $EXPIREWARN = 0 if (!defined $EXPIREWARN); # Don't warn by default @failures = (); foreach $host (@ARGV) { if (! &imapGET($host, $PORT)) { push (@failures, $host); } } if (@failures == 0) { exit 0; } print join (" ", sort @failures), "\n\n", join ("\n", @longerr), "\n"; exit 1; sub imapGET { use Socket; use Sys::Hostname; my($Server, $Port) = @_; my($ServerOK, $TheContent); $ServerOK = 0; $TheContent = ''; $Path = '/'; ############################################################### eval { local $SIG{ALRM} = sub { die "Timeout Alarm" }; alarm $TIMEOUT; tie(*S2, "Net::SSLeay::Handle", $Server, $Port); $in = <S2>; if ($in !~ /^\* (OK|PREAUTH|BYE)/) { alarm 0; push @longerr, "$Server: No IMAP banner received"; shutdown(\*S2, 1); close(S2); return 0; } print S2 "A1 LOGOUT\r\n"; while (defined($in=<S2>)) { if ($in =~ /^A1 OK/) { $ServerOK = 1; last; } } if (!$ServerOK) { push @longerr, "$Server: No response to logout"; } alarm 0; # Cancel the alarm if ($EXPIREWARN) { my $ssl = Net::SSLeay::Handle::_get_ssl(\*S2); my $cert = Net::SSLeay::get_peer_certificate($ssl); my $servercertname = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_subject_name($cert)); my $signingcertname = Net::SSLeay::X509_NAME_oneline(Net::SSLeay::X509_get_issuer_name($cert)); my $notafter = Net::SSLeay::P_ASN1_UTCTIME_put2string (Net::SSLeay::X509_get_notAfter($cert)); my $notbefore = Net::SSLeay::P_ASN1_UTCTIME_put2string (Net::SSLeay::X509_get_notBefore($cert)); my $na_time = parsedate($notafter); my $nb_time = parsedate($notbefore); my $now 
= time; my $later = $now + (86400 * $EXPIREWARN); print STDERR "XXXXX\nnotbefore $notbefore\nnotafter $notafter\nna_time $na_time\nnb_time $nb_time\nnow $now\nlater $later\n" if $opt_v; if ( $now < $nb_time ) { push @longerr,"$Server: Certificate not valid until $notbefore\ncertificate: $servercertname\nCA certificate: $signingcertname"; $ServerOK = 0; } if ($now > $na_time) { push @longerr,"$Server: Certificate expired as of $notafter\ncertificate: $servercertname\nCA certificate: $signingcertname"; $ServerOK = 0; } elsif ($later > $na_time ) { push @longerr,"$Server: Certificate will expire at $notafter\ncertificate: $servercertname\nCA certificate: $signingcertname"; $ServerOK = 0; } } shutdown(\*S2, 1); close(S2); }; if ($EVAL_ERROR and ($EVAL_ERROR =~ /^Timeout Alarm/)) { push @longerr, "$Server: **** Time Out\n"; return 0; } elsif ($EVAL_ERROR) { push @longerr, "$Server: $EVAL_ERROR"; return 0; } return $ServerOK; } sub OpenSocket { # # Make a Berkeley socket connection between this program and a TCP port # on another (or this) host. Port can be a number or a named service # local($OtherHostname, $Port) = @_; local($OurHostname, $sockaddr, $name, $aliases, $proto, $type, $len, $ThisAddr, $that); $OurHostname = &hostname; ($name, $aliases, $proto) = getprotobyname('tcp'); ($name, $aliases, $Port) = getservbyname($Port, 'tcp') unless $Port =~ /^\d+$/; ($name, $aliases, $type, $len, $ThisAddr) = gethostbyname($OurHostname); ($name, $aliases, $type, $len, $OtherHostAddr) = gethostbyname($OtherHostname); my $that = sockaddr_in ($Port, $OtherHostAddr); $result = socket(S, &PF_INET, &SOCK_STREAM, $proto) || return undef; $result = connect(S, $that) || return undef; select(S); $| = 1; select(STDOUT); # set S to be un-buffered return 1; # success } --- NEW FILE: imap-ptp.monitor --- #!/usr/bin/perl # # This script will attempt to login to an imap server # with a plain-text password. Password can either be specified on the # command line or in the monitor-auth.cf file. 
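Review bot: In imap-ssl.monitor the notBefore/notAfter comparisons all sit inside `if ($EXPIREWARN) { ... }`, so without `-w` an already expired or not-yet-valid certificate still yields exit 0; if only the advance warning is meant to be optional, run the two validity comparisons unconditionally and gate just the `$later > $na_time` branch on `$EXPIREWARN`. The result of `Net::SSLeay::get_peer_certificate($ssl)` goes straight into the X509 accessors without a check, so adding `die "no peer certificate\n" unless $cert;` would let the existing `$EVAL_ERROR` branch report it. The debug print tests `$opt_v`, but the option string is `getopts ("p:t:w:")`, so `-v` is never accepted; `getopts ("p:t:w:v")` would enable it. OpenSocket is defined in this file but is not called from its imapGET.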
# # For use with "mon". # # Arguments are "[-u user] [-p pass] [-P port] [-t timeout] [-m mailbox] host [host...]" # # Adapted from "imap.monitor" by # David Nolan, vit...@cm... # # Which was adapted from "http.monitor" by # Jim Trocki, tr...@tr... # # http.monitor written by # # Jon Meek # American Cyanamid Company # Princeton, NJ # # $Id: imap-ptp.monitor,v 1.1 2005/08/20 15:20:57 vitroth Exp $ # # Copyright (C) 1998, Jim Trocki # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # use strict; use Getopt::Std; use English; use IO::File; use Socket; use vars qw($opt_p $opt_t $opt_u $opt_c $opt_P $opt_m $PASS $PORT $USER $TIMEOUT $MAILBOX $MONAUTHFILE @failures @longerr); getopts ("p:t:u:c:P:m:"); $PASS = $opt_p || ""; $USER = $opt_u || ""; $TIMEOUT = $opt_t || 30; $MAILBOX = $opt_m || "INBOX"; $PORT = $opt_P || 143; $MONAUTHFILE = $opt_c || $ENV{MON_CFBASEDIR}."/monitor-auth.cf"; @failures = (); @longerr = (); if (my $cf=new IO::File "<$MONAUTHFILE") { my (%users, %passwords); my $g=$ENV{MON_GROUP}; my $s=$ENV{MON_SERVICE}; while (<$cf>) { chomp; if (/^(\S+):user\s*=\s*(\S+)$/) { $users{$1}=$2; } if (/^(\S+):password\s*=\s*(\S+)$/) { $passwords{$1}=$2; } } $USER ||= $users{"$g:$s"}; $PASS ||= $passwords{"$g:$s"}; $USER ||= $users{"$g:*"}; $PASS ||= $passwords{"$g:*"}; $USER ||= $users{"*:$s"}; $PASS ||= $passwords{"*:$s"}; $USER 
||= $users{"*:*"}; $PASS ||= $passwords{"*:*"}; } foreach my $host (@ARGV) { if (! &imapGET($host, $PORT)) { push (@failures, $host); } } if (@failures == 0) { exit 0; } print join (" ", sort @failures), "\n\n", join ("\n", @longerr), "\n"; exit 1; sub imapGET { use Sys::Hostname; my($Server, $Port) = @_; my($ServerOK, $TheContent, $Path, $result, $cmd, $in, $errmsg); $ServerOK = 0; $TheContent = ''; $Path = '/'; ############################################################### # $ServerOK = eval { # local $SIG{ALRM} = sub { die "Timeout Alarm" }; # alarm $TIMEOUT; # $c = Cyrus::IMAP->new("$Server"); # if (!$c) { # alarm 0; # push @longerr, "$Server: Unable to connect"; # return 0; # } # if ($USER && $PASS # && !$c->send('', '', 'LOGIN %s %s', $USER, $PASS)) { # alarm 0; # push @longerr, "$Server: Unable to login as $USER: $@"; # return 0; # } # if (!$c->send('', '', 'EXAMINE %s', $MAILBOX)) { # alarm 0; # push @longerr, "$Server: Unable to examine $MAILBOX as $USER: $@"; # return 0; # } # if (!$c->send('', '', 'LOGOUT')) { # alarm 0; # push @longerr, "$Server: Unable to logout: $@"; # return 0; # } # alarm 0; # return 1; # }; eval { local $SIG{ALRM} = sub { die "Timeout Alarm" }; alarm $TIMEOUT; $result = &OpenSocket($Server, $Port); # Open a connection to the server if ($result == 0) { # Failure to open the socket push @longerr, "$Server: Unable to connect"; return ''; } $in = <S>; if ($in !~ /^\* (OK|PREAUTH|BYE)/) { alarm 0; push @longerr, "$Server: No IMAP banner received"; return 0; } $cmd="login"; print S "A1 LOGIN $USER $PASS\r\n"; while (defined($in=<S>)) { if ($in =~ /^A1 (\w+) (.*)/) { if ($1 eq "OK") { $ServerOK = 1; } else { $errmsg="$1 $2"; } last; } } if ($ServerOK && $MAILBOX) { $cmd="examine"; $ServerOK=0; print S "A2 EXAMINE $MAILBOX\r\n"; while (defined($in=<S>)) { if ($in =~ /^A2 (\w+) (.*)/) { if ($1 eq "OK") { $ServerOK = 1; } else { $errmsg="$1 $2"; } last; } } } if ($ServerOK) { $cmd="logout"; $ServerOK=0; print S "A3 LOGOUT\r\n"; while 
(defined($in=<S>)) { if ($in =~ /^A3 (\w+) (.*)/) { if ($1 eq "OK") { $ServerOK = 1; } else { $errmsg="$1 $2"; } last; } } } if (!$ServerOK) { if ($errmsg) { push @longerr, "$Server: bad response to $cmd: $errmsg"; } else { push @longerr, "$Server: No response to $cmd"; } } close(S); alarm 0; # Cancel the alarm }; if ($EVAL_ERROR and ($EVAL_ERROR =~ /^Timeout Alarm/)) { push @longerr, "$Server: **** Time Out"; return 0; } elsif ($EVAL_ERROR) { push @longerr, "$Server: $EVAL_ERROR"; return 0; } return $ServerOK; } sub OpenSocket { # # Make a Berkeley socket connection between this program and a TCP port # on another (or this) host. Port can be a number or a named service # my ($OtherHostname, $Port) = @_; my ($OurHostname, $sockaddr, $name, $aliases, $proto, $type, $len, $ThisAddr, $that, $OtherHostAddr, $result); $OurHostname = &hostname; ($name, $aliases, $proto) = getprotobyname('tcp'); ($name, $aliases, $Port) = getservbyname($Port, 'tcp') unless $Port =~ /^\d+$/; ($name, $aliases, $type, $len, $ThisAddr) = gethostbyname($OurHostname); ($name, $aliases, $type, $len, $OtherHostAddr) = gethostbyname($OtherHostname); my $that = sockaddr_in ($Port, $OtherHostAddr); $result = socket(S, &PF_INET, &SOCK_STREAM, $proto) || return undef; $result = connect(S, $that) || return undef; select(S); $| = 1; select(STDOUT); # set S to be un-buffered return 1; # success } |
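Review bot: In imap-ptp.monitor `print S "A1 LOGIN $USER $PASS\r\n";` and `print S "A2 EXAMINE $MAILBOX\r\n";` interpolate the `-u`/`-p`/`-m` values unquoted, so a value containing a space, a double quote or CR/LF changes the command the server parses. Reject line breaks up front, e.g. `die "CR or LF in credentials\n" if "$USER$PASS$MAILBOX" =~ /[\r\n]/;`, and send the values as IMAP quoted strings with `"` and `\` backslash-escaped. LOGIN is also sent when `$USER` and `$PASS` are empty, whereas the commented-out Cyrus::IMAP version guarded it with `if ($USER && $PASS ...)`. Because `-p` exposes the password in the process list and the session on port 143 is unencrypted, the header comment should recommend monitor-auth.cf with restrictive file permissions and a dedicated low-privilege account. `new IO::File "<$MONAUTHFILE"` would be safer as `IO::File->new($MONAUTHFILE, "r")`, which avoids mode parsing of the path.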