1 |
-- Copyright (c) 2011, OmniTI Computer Consulting, Inc. |
---|
2 |
-- All rights reserved. |
---|
3 |
-- |
---|
4 |
-- Redistribution and use in source and binary forms, with or without |
---|
5 |
-- modification, are permitted provided that the following conditions are |
---|
6 |
-- met: |
---|
7 |
-- |
---|
8 |
-- * Redistributions of source code must retain the above copyright |
---|
9 |
-- notice, this list of conditions and the following disclaimer. |
---|
10 |
-- * Redistributions in binary form must reproduce the above |
---|
11 |
-- copyright notice, this list of conditions and the following |
---|
12 |
-- disclaimer in the documentation and/or other materials provided |
---|
13 |
-- with the distribution. |
---|
14 |
-- * Neither the name OmniTI Computer Consulting, Inc. nor the names |
---|
15 |
-- of its contributors may be used to endorse or promote products |
---|
16 |
-- derived from this software without specific prior written |
---|
17 |
-- permission. |
---|
18 |
-- |
---|
19 |
-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
---|
20 |
-- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
---|
21 |
-- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR |
---|
22 |
-- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
---|
23 |
-- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
---|
24 |
-- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
---|
25 |
-- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
---|
26 |
-- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
---|
27 |
-- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
---|
28 |
-- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
---|
29 |
-- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
---|
30 |
|
---|
31 |
module(..., package.seeall) |
---|
32 |
|
---|
33 |
function onload(image) |
---|
34 |
image.xml_description([=[ |
---|
35 |
<module> |
---|
36 |
<name>imap</name> |
---|
37 |
<description><para>IMAP metrics check.</para></description> |
---|
38 |
<loader>lua</loader> |
---|
39 |
<object>noit.module.imap</object> |
---|
40 |
<moduleconfig /> |
---|
41 |
<checkconfig> |
---|
42 |
<parameter name="port" required="required" |
---|
43 |
allowed="\d+">Specifies the port on which the management interface can be reached.</parameter> |
---|
44 |
<parameter name="auth_user" required="required" |
---|
45 |
allowed=".+">The IMAP user.</parameter> |
---|
46 |
<parameter name="auth_password" required="required" |
---|
47 |
allowed=".+">The IMAP password.</parameter> |
---|
48 |
<parameter name="folder" required="optional" default="INBOX" |
---|
49 |
allowed=".+">The folder that should be examined.</parameter> |
---|
50 |
<parameter name="search" required="optional" |
---|
51 |
allowed=".+">Specify an optional IMAP SEARCH operation to execute after EXAMINE</parameter> |
---|
52 |
<parameter name="fetch" required="optional" default="false" |
---|
53 |
allowed="(?:true|false|on|off)">Fetch either that highest UID or last SEARCH result.</parameter> |
---|
54 |
<parameter name="use_ssl" required="optional" allowed="^(?:true|false|on|off)$" default="false">Upgrade TCP connection to use SSL.</parameter> |
---|
55 |
<parameter name="ca_chain" |
---|
56 |
required="optional" |
---|
57 |
allowed=".+">A path to a file containing all the certificate authorities that should be loaded to validat |
---|
58 |
e the remote certificate (for SSL checks).</parameter> |
---|
59 |
<parameter name="certificate_file" |
---|
60 |
required="optional" |
---|
61 |
allowed=".+">A path to a file containing the client certificate that will be presented to the remote serv |
---|
62 |
er (for SSL checks).</parameter> |
---|
63 |
<parameter name="key_file" |
---|
64 |
required="optional" |
---|
65 |
allowed=".+">A path to a file containing key to be used in conjunction with the cilent certificate (for S |
---|
66 |
SL checks).</parameter> |
---|
67 |
<parameter name="ciphers" |
---|
68 |
required="optional" |
---|
69 |
allowed=".+">A list of ciphers to be used in the SSL protocol (for SSL checks).</parameter> |
---|
70 |
<parameter name="header_Host" |
---|
71 |
required="optional" |
---|
72 |
allowed=".+">The host header to validate against the SSL certificate (for SSL checks).</parameter> |
---|
73 |
</checkconfig> |
---|
74 |
<examples> |
---|
75 |
<example> |
---|
76 |
<title>Checking IMAP connection.</title> |
---|
77 |
<para>This example checks IMAP connection with and without SSL.</para> |
---|
78 |
<programlisting><![CDATA[ |
---|
79 |
<noit> |
---|
80 |
<modules> |
---|
81 |
<loader image="lua" name="lua"> |
---|
82 |
<config><directory>/opt/reconnoiter/libexec/modules-lua/?.lua</directory></config> |
---|
83 |
</loader> |
---|
84 |
<module loader="lua" name="imap" object="noit.module.imap" /> |
---|
85 |
</modules> |
---|
86 |
<checks> |
---|
87 |
<imaps target="10.0.7.2" module="imap" period="10000" timeout="5000"> |
---|
88 |
<check uuid="79ba881e-ad2e-11de-9fb0-a322e3288ca7" name="imap"> |
---|
89 |
<config> |
---|
90 |
<port>143</port> |
---|
91 |
<auth_user>bob</auth_user> |
---|
92 |
<auth_password>bob</auth_password> |
---|
93 |
</config> |
---|
94 |
</check> |
---|
95 |
<check uuid="a18659c2-add8-11de-bd01-7ff0e1a67246" name="imaps"> |
---|
96 |
<config> |
---|
97 |
<port>993</port> |
---|
98 |
<auth_user>bob</auth_user> |
---|
99 |
<auth_password>bob</auth_password> |
---|
100 |
<use_ssl>true</use_ssl> |
---|
101 |
</config> |
---|
102 |
</check> |
---|
103 |
</imaps> |
---|
104 |
</checks> |
---|
105 |
</noit> |
---|
106 |
]]></programlisting> |
---|
107 |
</example> |
---|
108 |
</examples> |
---|
109 |
|
---|
110 |
</module> |
---|
111 |
]=]); |
---|
112 |
return 0 |
---|
113 |
end |
---|
114 |
|
---|
115 |
function init(module) |
---|
116 |
return 0 |
---|
117 |
end |
---|
118 |
|
---|
119 |
function config(module, options) |
---|
120 |
return 0 |
---|
121 |
end |
---|
122 |
|
---|
123 |
function elapsed(check, name, starttime, endtime) |
---|
124 |
local elapsedtime = endtime - starttime |
---|
125 |
local seconds = string.format('%.3f', noit.timeval.seconds(elapsedtime)) |
---|
126 |
check.metric_uint32(name, math.floor(seconds * 1000 + 0.5)) |
---|
127 |
return seconds |
---|
128 |
end |
---|
129 |
|
---|
130 |
function get_banner(e) |
---|
131 |
local line = e:read("\n") |
---|
132 |
local o,eidx,state,rest |
---|
133 |
o,eidx,state,rest = line:find('[*]%s+(%w+)%s*(.*)') |
---|
134 |
return state, rest |
---|
135 |
end |
---|
136 |
|
---|
137 |
function issue_cmd(e, tok, str) |
---|
138 |
local t = {} |
---|
139 |
local bad = {} |
---|
140 |
e:write(tok .. " " .. str .. "\r\n") |
---|
141 |
while true do |
---|
142 |
local line = e:read("\n") |
---|
143 |
line = line:gsub('[\r\n]','') |
---|
144 |
local o,eidx,p1,p2 |
---|
145 |
o,eidx,p1,p2 = line:find(tok .. '%s+(%w+)%s*(.*)') |
---|
146 |
if o == 1 then |
---|
147 |
table.insert(t,p1.." "..p2) |
---|
148 |
return p1, t, bad |
---|
149 |
end |
---|
150 |
o,eidx,p1 = line:find("\*%s+(.+)") |
---|
151 |
if o == 1 then table.insert(t,p1) else table.insert(bad,line) end |
---|
152 |
end |
---|
153 |
return nil, t, bad |
---|
154 |
end |
---|
155 |
|
---|
156 |
function initiate(module, check) |
---|
157 |
local starttime = noit.timeval.now() |
---|
158 |
local folder = check.config.folder or 'INBOX' |
---|
159 |
check.bad() |
---|
160 |
check.unavailable() |
---|
161 |
check.status("unknown error") |
---|
162 |
local port = check.config.port |
---|
163 |
local good = false |
---|
164 |
local status = "" |
---|
165 |
local use_ssl = false |
---|
166 |
local _tok = 0 |
---|
167 |
local last_msg = 0 |
---|
168 |
local host_header = check.config.header_Host or '' |
---|
169 |
|
---|
170 |
if check.target_ip == nil then |
---|
171 |
check.status("dns resolution failure") |
---|
172 |
return |
---|
173 |
end |
---|
174 |
|
---|
175 |
function tok() |
---|
176 |
_tok = _tok + 1 |
---|
177 |
return '.rN.A.' .. _tok |
---|
178 |
end |
---|
179 |
|
---|
180 |
-- SSL |
---|
181 |
if check.config.use_ssl == "true" or check.config.use_ssl == "on" then |
---|
182 |
use_ssl = true |
---|
183 |
end |
---|
184 |
|
---|
185 |
if port == nil then |
---|
186 |
if use_ssl then port = 993 else port = 143 end |
---|
187 |
end |
---|
188 |
|
---|
189 |
local e = noit.socket(check.target_ip) |
---|
190 |
local rv, err = e:connect(check.target_ip, port) |
---|
191 |
|
---|
192 |
if rv ~= 0 then |
---|
193 |
check.status(err or "connect error") |
---|
194 |
return |
---|
195 |
end |
---|
196 |
|
---|
197 |
local ca_chain = |
---|
198 |
noit.conf_get_string("/noit/eventer/config/default_ca_chain") |
---|
199 |
|
---|
200 |
if check.config.ca_chain ~= nil and check.config.ca_chain ~= '' then |
---|
201 |
ca_chain = check.config.ca_chain |
---|
202 |
end |
---|
203 |
|
---|
204 |
if use_ssl == true then |
---|
205 |
rv, err = e:ssl_upgrade_socket(check.config.certificate_file, |
---|
206 |
check.config.key_file, |
---|
207 |
ca_chain, |
---|
208 |
check.config.ciphers) |
---|
209 |
end |
---|
210 |
|
---|
211 |
local connecttime = noit.timeval.now() |
---|
212 |
elapsed(check, "tt_connect", starttime, connecttime) |
---|
213 |
if rv ~= 0 then |
---|
214 |
check.status(err or "connection failed") |
---|
215 |
return |
---|
216 |
end |
---|
217 |
|
---|
218 |
status = "connected" |
---|
219 |
check.available() |
---|
220 |
good = true |
---|
221 |
|
---|
222 |
-- ssl metrics |
---|
223 |
local ssl_ctx = e:ssl_ctx() |
---|
224 |
if ssl_ctx ~= nil then |
---|
225 |
local header_match_error = nil |
---|
226 |
if host_header ~= '' then |
---|
227 |
header_match_error = noit.extras.check_host_header_against_certificate(host_header, ssl_ctx.subject, ssl_ctx.san_list) |
---|
228 |
end |
---|
229 |
if ssl_ctx.error ~= nil then status = status .. ',sslerror' end |
---|
230 |
if header_match_error == nil then |
---|
231 |
check.metric_string("cert_error", ssl_ctx.error) |
---|
232 |
elseif ssl_ctx.error == nil then |
---|
233 |
check.metric_string("cert_error", header_match_error) |
---|
234 |
else |
---|
235 |
check.metric_string("cert_error", ssl_ctx.error .. ', ' .. header_match_error) |
---|
236 |
end |
---|
237 |
check.metric_string("cert_issuer", ssl_ctx.issuer) |
---|
238 |
check.metric_string("cert_subject", ssl_ctx.subject) |
---|
239 |
if ssl_ctx.san_list ~= nil then |
---|
240 |
check.metric_string("cert_subject_alternative_names", ssl_ctx.san_list) |
---|
241 |
end |
---|
242 |
check.metric_uint32("cert_start", ssl_ctx.start_time) |
---|
243 |
check.metric_uint32("cert_end", ssl_ctx.end_time) |
---|
244 |
if noit.timeval.seconds(starttime) > ssl_ctx.end_time then |
---|
245 |
good = false |
---|
246 |
status = status .. ',ssl=expired' |
---|
247 |
end |
---|
248 |
end |
---|
249 |
|
---|
250 |
-- match banner |
---|
251 |
local ok, banner |
---|
252 |
ok, banner = get_banner(e) |
---|
253 |
local firstbytetime = noit.timeval.now() |
---|
254 |
elapsed(check, "tt_firstbyte", starttime, firstbytetime) |
---|
255 |
check.metric_string('banner', ok) |
---|
256 |
if ok ~= "OK" then |
---|
257 |
check.metric_string('banner', ok .. " " .. banner) |
---|
258 |
good = false |
---|
259 |
end |
---|
260 |
local state, lines, errors |
---|
261 |
|
---|
262 |
-- login |
---|
263 |
local lstart = noit.timeval.now() |
---|
264 |
state, lines, errors = issue_cmd(e, tok(), "LOGIN " .. |
---|
265 |
check.config.auth_user .. " " .. |
---|
266 |
check.config.auth_password) |
---|
267 |
elapsed(check, "login`duration", lstart, noit.timeval.now()) |
---|
268 |
check.metric_string("login`status", lines[ # lines ]) |
---|
269 |
if state ~= "OK" then good = false |
---|
270 |
else |
---|
271 |
-- Examine the mailbox |
---|
272 |
local estart = noit.timeval.now() |
---|
273 |
state, lines, errors = issue_cmd(e, tok(), "EXAMINE " .. folder) |
---|
274 |
elapsed(check, 'examine`duration', estart, noit.timeval.now()) |
---|
275 |
check.metric_string('examine`status', lines[ # lines ]) |
---|
276 |
if ok ~= "OK" then good = false |
---|
277 |
else |
---|
278 |
local num, type, num_exists, num_recent = nil |
---|
279 |
for i,v in ipairs(lines) do |
---|
280 |
num, type = v:match("(%d+)%s+(.+)") |
---|
281 |
if type == "EXISTS" then num_exists = num |
---|
282 |
elseif type == "RECENT" then num_recent = num |
---|
283 |
end |
---|
284 |
end |
---|
285 |
last_msg = num_exists |
---|
286 |
check.metric_uint32('messages`total', num_exists) |
---|
287 |
check.metric_uint32('messages`recent', num_recent) |
---|
288 |
end |
---|
289 |
end |
---|
290 |
|
---|
291 |
if check.config.search ~= nil then |
---|
292 |
last_msg = nil |
---|
293 |
local search = check.config.search:gsub("[\r\n]", "") |
---|
294 |
local sstart = noit.timeval.now() |
---|
295 |
state, lines, errors = issue_cmd(e, tok(), "SEARCH " .. search) |
---|
296 |
elapsed(check, "search`duration", sstart, noit.timeval.now()) |
---|
297 |
if ok ~= "OK" then good = false |
---|
298 |
else |
---|
299 |
local matches = 0 |
---|
300 |
for i,v in ipairs(lines) do |
---|
301 |
local msgs = v:match("SEARCH%s+(.+)") |
---|
302 |
if msgs ~= nil then |
---|
303 |
for m in msgs:gmatch("(%d+)") do |
---|
304 |
matches = matches + 1 |
---|
305 |
last_msg = m + 0 |
---|
306 |
end |
---|
307 |
end |
---|
308 |
end |
---|
309 |
check.metric_uint32('search`total', matches) |
---|
310 |
end |
---|
311 |
end |
---|
312 |
|
---|
313 |
if check.config.fetch ~= nil and |
---|
314 |
(check.config.fetch == "true" or check.config.fetch == "on") and |
---|
315 |
last_msg ~= nil and |
---|
316 |
last_msg > 0 then |
---|
317 |
local fstart = noit.timeval.now() |
---|
318 |
state, lines, errors = issue_cmd(e, tok(), "FETCH " .. last_msg .. " RFC822") |
---|
319 |
elapsed(check, "fetch`duration", fstart, noit.timeval.now()) |
---|
320 |
check.metric_string('fetch`status', state) |
---|
321 |
end |
---|
322 |
|
---|
323 |
-- bye |
---|
324 |
state, lines, errors = issue_cmd(e, tok(), "LOGOUT") |
---|
325 |
check.metric_string('logout', state) |
---|
326 |
|
---|
327 |
-- turnaround time |
---|
328 |
local endtime = noit.timeval.now() |
---|
329 |
local seconds = elapsed(check, "duration", starttime, endtime) |
---|
330 |
status = status .. ',rt=' .. seconds .. 's' |
---|
331 |
if good then check.good() else check.bad() end |
---|
332 |
check.status(status) |
---|
333 |
end |
---|
334 |
|
---|