--nagios: run as a nagios plugin

arenstar · Dec 23, 2014 · 983f85d · 983f85d
1 parent 818bf29
commit 983f85d
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -259,6 +259,11 @@ operators should now what level they want to match against, based on the
 compatibility level they want to support. Again, refer to
 https://wiki.mozilla.org/Security/Server_Side_TLS for more information.
 
+Note on Nagios mode:
+cipherscan can take more than 10 seconds to complete. To alleviate any timeout
+issues, you may want to run it outside of nagios, passing data through some
+temporary file.
+
 Contributors
 ------------
 

diff --git a/analyze.py b/analyze.py
@@ -304,7 +304,8 @@ def evaluate_all(results):
 
     return status
 
-def process_results(data, level=None, do_json=False):
+def process_results(data, level=None, do_json=False, do_nagios=False):
+    exit_status = 0
     results = dict()
     # initialize the failures struct
     global failures
@@ -353,20 +354,26 @@ def process_results(data, level=None, do_json=False):
         print("\nThings that are bad:")
         for failure in failures['fubar']:
             print("* " + failure)
+        if do_nagios:
+            exit_status = 2
 
     # print failures
     if level != 'none':
         if len(failures[level]) > 0:
             print("\nChanges needed to match the " + level + " level:")
             for failure in failures[level]:
                 print("* " + failure)
+            if do_nagios and exit_status < 2:
+                exit_status = 1
     else:
         for lvl in ['old', 'intermediate', 'modern']:
            if len(failures[lvl]) > 0:
                 print("\nChanges needed to match the " + lvl + " level:")
                 for failure in failures[lvl]:
                     print("* " + failure)
-    return True
+                if do_nagios and exit_status < 2:
+                    exit_status = 1
+    return exit_status
 
 def build_ciphers_lists(opensslbin):
     global all_ciphers, old_ciphers, intermediate_ciphers, modern_ciphers, errors
@@ -445,6 +452,8 @@ def main():
         help='output results in json format')
     parser.add_argument('--ops', dest='operator',
         help='optional name of the operator\'s team added into the JSON output (for database insertion)')
+    parser.add_argument('--nagios', dest='nagios', action='store_true',
+        help='use nagios-conformant exit codes')
     args = parser.parse_args()
 
     if args.debug:
@@ -467,15 +476,19 @@ def main():
             data = subprocess.check_output(['./cipherscan', '-o', args.openssl, '-j', args.target])
         else:
             data = subprocess.check_output(['./cipherscan', '-j', args.target])
-        process_results(data, args.level, args.json)
+        exit_status=process_results(data, args.level, args.json, args.nagios)
     else:
         if os.fstat(args.infile.fileno()).st_size < 2:
             logging.error("invalid input file")
             parser.print_help()
-            sys.exit(1)
+            if args.nagios:
+                sys.exit(3)
+            else:
+                sys.exit(1)
         data = args.infile.readline()
         logging.debug('Evaluating results from stdin: ' + data)
-        process_results(data, args.level, args.json)
+        exit_status=process_results(data, args.level, args.json, args.nagios)
+    sys.exit(exit_status)
 
 if __name__ == "__main__":
     main()