2 files changed, 184 insertions, 0 deletions

diff --git a/files/plugins/check_gpg b/files/plugins/check_gpg
new file mode 100644
index 0000000..eb9fa51
--- /dev/null
+++ b/files/plugins/check_gpg
@@ -0,0 +1,115 @@
+#!/bin/bash
+#
+# Nagios plugin that checks whether a key ID has expired, or will expire within
+# a certain time.
+#
+# note: the plugin will issue a critical state if the required key has been
+# revoked.
+#
+# usage: check_gpg [-w <num_days>] [--gnupg-homedir <path>] <key_id>
+#
+# <key_id> is any PGP key ID that GnuPG accepts with "gpg --list-key <key_id>"
+#
+# The option -w parameter lets you specify the number of days within which key
+# expiry will trigger a warning. e.g. if <key_id> expires within <num_days>
+# days, make nagios issue a warning.
+#
+# num_days must be an integer value
+#
+# optionally, if the keyring directory you want GPG to use is not located in
+# the user's ~/.gnupg, you can specify the path to the keyring directory with
+# the --gnupg-homedir parameter.
+#
+# Thanks a bunch to Daniel Kahn Gillmor for providing example commands that
+# made up most of the core of this plugin.
+#
+# Copyleft Gabriel Filion
+#
+# This plugin is released under the GPL v3+ license. To get a copy of the
+# license text visit: https://www.gnu.org/licenses/gpl-3.0.txt
+#
+SECS_IN_DAY=86400
+
+function debug () {
+  if [ -n "$DEBUG" ]; then
+      echo "$1" >&2
+  fi
+}
+
+debug "got args: $*"
+
+now=$(date +%s)
+debug "current timestamp: $now"
+
+warning_threshold=
+homedir=
+homedir_path=~/.gnupg
+for arg in $*; do
+    case $arg in
+        "-w")
+            if [ -z "$2" ]; then
+                echo "UNKNOWN: argument -w got no value. integer needed"
+                exit 3
+            fi
+            if [ "`echo $2 | egrep ^[[:digit:]]+$`" = "" ]; then
+                echo "UNKNOWN: invalid value '$2' passed to -w. integer needed"
+                exit 3
+            fi
+            warning_threshold=$(( $now + ($2*$SECS_IN_DAY) ))
+            debug "setting warning_threshold to '$warning_threshold'"
+
+            shift 2
+        ;;
+        "--gnupg-homedir")
+            if [ -z "$2" ]; then
+                echo "UNKNOWN: argument --gnupg-homedir got no value. path needed"
+                exit 3
+            fi
+            if [ ! -d "$2" ]; then
+                echo "UNKNOWN: homedir '$2' does not exist or is not a directory"
+                exit 3
+            fi
+            homedir_path=$2
+            homedir="--homedir ${homedir_path}"
+            debug "setting homedir to '$homedir_path'"
+
+            shift 2
+        ;;
+    esac
+done
+
+if [ -z "$1" ]; then
+    echo "UNKNOWN: must provide a key ID"
+    exit 3
+fi
+key="$1"
+
+# GPG is too stupid to error out when asked to refresh a key that's not in the
+# local keyring so we need to perform another call to verify this first.
+output=$( { gpg $homedir --list-key "$key" >/dev/null && gpg $homedir --refresh --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options ca-cert-file=$homedir_path/sks-keyservers.netCA.pem "$key" >/dev/null; } 2>&1 )
+if [ $? -ne 0 ]; then
+    echo "UNKNOWN: $output"
+    exit 3
+fi
+
+if [ "$(gpg $homedir --check-sig "$key" | grep "^rev!")" != "" ]; then
+    echo "CRITICAL: key '$key' has been revoked!"
+    exit 1
+fi
+
+for expiry in $(gpg $homedir --with-colons --fixed-list-mode --list-key "$key" 2>/dev/null | awk -F: '/^pub:/{ print $7 }');
+do
+    debug "expiry value: $expiry"
+
+    if [ "$now" -gt "$expiry" ] ; then
+        printf "CRITICAL: %s has expired on %s\n" "$key" "$(date -d "$expiry seconds")";
+        exit 1;
+    fi;
+    if [ -n "$warning_threshold" ] && [ "$warning_threshold" -gt "$expiry" ]; then
+        remaining=$(( ($expiry-$now) / $SECS_IN_DAY ))
+        printf "WARNING: %s expires in %s days\n" "$key" "$remaining";
+        exit 2;
+    fi
+done
+
+echo "OK: key '$key' has not expired."
diff --git a/files/plugins/check_horde_login b/files/plugins/check_horde_login
new file mode 100644
index 0000000..4c63daa
--- /dev/null
+++ b/files/plugins/check_horde_login
@@ -0,0 +1,69 @@
+#!/bin/env python
+# vi:si:et:sw=4:sts=4:ts=4
+# -*- coding: UTF-8 -*-
+# -*- Mode: Python -*-
+#
+# Copyright (C) 2015 mh <mh@immerda.ch>
+
+# This file may be distributed and/or modified under the terms of
+# the GNU General Public License version 2 as published by
+# the Free Software Foundation.
+# This file is distributed without any warranty; without even the implied
+# warranty of merchantability or fitness for a particular purpose.
+#
+
+import sys, os, requests, getopt
+
+def usage():
+    print sys.argv[0] + " -u username "+ \
+                          "-p password " + \
+                          "-s server path"
+    sys.exit(1)
+
+def main():
+    try:
+        opts, args = getopt.getopt(sys.argv[1:], "u:p:s:h")
+    except getopt.GetoptError:
+        usage()
+        return 3
+
+    user = url = password = None
+
+    for o, a in opts:
+        if o == "-u":
+            user = a
+        elif o == "-p":
+            password = a
+        elif o == "-s":
+            url = a + "/login.php"
+        elif o == '-h':
+            usage()
+
+    if user == None or password == None or url == None:
+        usage()
+
+    params = { 'horde_user':         user,
+               'horde_pass':         password,
+               'horde_select_view':  'auto',
+               'anchor_string':      '',
+               'app':                '',
+               'login_post':         1,
+               'new_lang':           'en_US',
+               'url':                '',
+             }
+
+
+    r = requests.post(url, data=params, allow_redirects=False)
+    # on a successfully login we are redirected to the mailbox
+    if r.status_code == 302:
+        print "OK"
+        sys.exit(0)
+    else:
+        print "Error"
+        sys.exit(2)
+
+
+if __name__ == "__main__":
+    sys.exit(main())
+
+