#!/usr/local/bin/perl
# check Aruba ClearPass
#

use Getopt::Long qw(:config no_ignore_case);
use strict;
use warnings;
no warnings 'uninitialized';
no warnings 'redefine';
use LWP::Simple;
use LWP::Protocol::http;
use XML::LibXML;
use Data::Dumper;

# Package globals shared by the subs below: command-line options
# ($host, $help, $verbose), API credentials ($user, $passwdfile, $passwd),
# the per-severity message lists, and the exit status / separator pair
# used when the result line is printed.
our (
    $host, $user, $passwdfile, $passwd, $help, $verbose,
    @crits, @warns, @oks, @unknowns, $rc, $sep,
);

# Account name used for HTTP authentication against the ClearPass API.
$user = 'admin';
# The API password is read from this file at run time; it is not taken
# from the command line.
# NOTE(review): the file holds a cleartext credential - keep it readable
# only by the account the check runs as.
$passwdfile = '/usr/local/nagios/etc/aruba_login.pw';

########################

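# Print the option summary to STDOUT and terminate the script.
#
# Takes one argument: the process exit status.
#
# The declaration used to carry an empty prototype ("sub usage()"), which
# contradicts that argument; it only worked because the call sites use the
# "&usage(...)" form, which bypasses prototypes.  Without the prototype
# both "&usage(N)" and "usage(N)" are valid.
sub usage {
        my($rc) = @_;
        print "Usage: $0 [options] -H <host>
        -H s  hostname
        -v    verbose
        -h    help
";
        exit $rc;
}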


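Getopt::Long::Configure ("bundling");
GetOptions(
    'H=s' => \$host,
    'v'   => \$verbose,
    'h'   => \$help,
);

# The "&" call form is valid whether or not usage() is declared with a
# prototype, so it is kept here.
&usage( 0 ) if ( $help );
# A missing -H is an invocation error.  The status mapping below uses
# 1 for Warning and 3 for Unknown, so exit with 3 rather than 1.
&usage( 3 ) if ( ! $host );

# $host becomes the authority part of the URL that the API credentials are
# sent to.  Accept only characters that occur in a host name, an IP
# literal or a host:port pair; a value containing e.g. "/" or "@" would
# change where the request (and the credentials) end up.
if ( $host !~ m{\A[A-Za-z0-9._:\[\]-]+\z} ) {
    push @unknowns, "invalid host name given with -H";
}
else {
    $passwd = get_password( $passwdfile );
    if ( $passwd ) {
        check_clearpass();
    }
    elsif ( ! @unknowns ) {
        # Without this the script would skip the check and still print
        # "Ok" with exit status 0 when the password file yields nothing.
        push @unknowns, "no password read from $passwdfile";
    }
}

# Build the single status line.  CRITICAL wins over everything; Warning
# and Unknown only set the exit status when nothing worse was recorded
# before them.
$rc = 0;
$sep = '';
if ( @crits ) {
    $rc = 2;
    print "CRITICAL ", join( ", ", @crits );
    $sep = '; ';
}
if ( @warns ) {
    $rc = 1 if ( $rc == 0 );
    print $sep, "Warning ", join( ", ", @warns );
    $sep = '; ';
}
if ( @unknowns ) {
    $rc = 3 if ( $rc == 0 );
    print $sep, "Unknown ", join( ", ", @unknowns );
    $sep = '; ';
}
# The Ok list is printed when nothing went wrong, or always with -v.
if ( $rc == 0 || $verbose ) {
    print $sep, "Ok ", join( ", ", @oks );
    $sep = '; ';
}
print "\n";
exit $rc;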


########################




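# Run the ClearPass API queries for this check.
#
# Only the "Service" entity is queried.  The response is stored and
# returned but never inspected, so the plugin status is decided solely by
# what the helper subs push onto @crits / @warns / @unknowns / @oks.
#
# The earlier version also assigned request documents for GuestUser,
# ServerConfig, LocalUser, Endpoint and StaticHostList to a variable that
# no call ever read (the read_api() calls were commented out); those dead
# assignments are removed.  Should these entities be queried later:
# read_method() builds the same document for all of them except
# GuestUser, whose TipsHeader used source="Guest" rather than the entity
# name and therefore needs an explicit read_api() call.  The author's
# note on StaticHostList was "doesn't do much".
sub check_clearpass {
    my $data;

    #$data = read_method( "Role" );
    #$data = read_method( "RoleMapping" );
    $data = read_method( "Service" );

    return $data;
}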




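# Fetch the objects of one ClearPass entity type through the tipsapi
# "read" call.
#
# $entity is used as the source/entity attribute of the request document
# and is passed on to read_api(), which puts it into the URL path.
# Returns what read_api() returns: the raw response body, or undef when
# read_api() gave nothing back.
#
# The response is NOT parsed here.  Statements that followed the return in
# the earlier version - an XML::LibXML pass over "/Tests/test" nodes with
# an "exchange server" error text, apparently carried over from another
# check - could never run and are dropped.
# NOTE(review): if response parsing is added, run the parser with network
# access and external entity loading switched off (XML::LibXML options
# no_network, load_ext_dtd => 0, expand_entities => 0); read_api() does
# not verify the server certificate, so the body cannot be trusted.
sub read_method {
    my( $entity ) = @_;

    # $entity is interpolated unescaped into XML attribute values and a
    # URL path, so only plain identifiers are accepted.
    if ( $entity !~ /\A[A-Za-z0-9_]+\z/ ) {
        push @unknowns, "invalid entity name";
        return;
    }

    my $request = qq{<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsApiRequest xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<TipsHeader version="3.0" source="$entity"/>
<Filter entity="$entity"/>
</TipsApiRequest>
};
    my $data = read_api( $entity, $request );

    return $data;
}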




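# POST one tipsapi request document to the ClearPass host and return the
# response body.
#
#   $entity  last segment of the URL path (/tipsapi/config/read/<entity>)
#   $xml     request document, sent as the POST body
#
# Uses the globals $host, $user and $passwd.  On any transport or HTTP
# error a message is pushed onto @crits and nothing is returned.  With
# -v the body is also piped through xmllint, whose output goes to the
# script's STDOUT.
sub read_api {
    my( $entity, $xml ) = @_;

    # The credentials are sent as a Basic Authorization header instead of
    # being written into the URL ("https://user:pass@host/...").  That
    # keeps the password out of the URL string and lets it contain
    # characters such as "@", "/" or ":" that would break URL parsing.
    my $url = "https://$host/tipsapi/config/read/$entity";

    # NOTE(review): certificate and host-name verification are switched
    # off here, so the Authorization header goes to whichever server
    # answers for $host and the response cannot be trusted.  Kept as in
    # the original so appliances with self-signed certificates keep
    # working; the safer setup is to leave verification on and point LWP
    # at the appliance's CA certificate (ssl_opts SSL_ca_file).
    @LWP::Protocol::http::EXTRA_SOCK_OPTS = ( SSL_verify_mode => 0 );
    my $ua = LWP::UserAgent->new;
    $ua->ssl_opts( verify_hostname => 0 );

    my $req = HTTP::Request->new( POST => $url );
    $req->protocol( 'HTTP/1.0' );
    $req->authorization_basic( $user, $passwd );
    $req->content( $xml );
    my $res = $ua->request($req);

    # $res->content is defined even when the request failed (LWP puts its
    # own error text there), so the old "defined" test never fired and a
    # dead host still produced an Ok result.  Test the status instead.
    if ( ! $res->is_success ) {
        push @crits, "Connection failed: " . $res->status_line;
        return;
    }
    my $data = $res->content;

    if ( $verbose ) {
        # NOTE(review): this prints the complete API response; depending
        # on the entity that may include sensitive configuration data.
        # List-form pipe open: xmllint is started directly, no shell.
        if ( open( my $lint, '|-', 'xmllint', '--format', '--recover', '-' ) ) {
            print {$lint} $data, "\n";
            close $lint;
        }
        else {
            print STDERR "can't run xmllint: $!\n";
        }
    }
    return $data;
}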







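# Read the API password from the first line of $file.
#
# Returns that line without its trailing newline.  When the file cannot
# be opened, or its first line is missing or empty, a message is pushed
# onto @unknowns and nothing is returned (undef in scalar context).
sub get_password {
    my( $file ) = @_;

    my $fh;
    if ( ! open( $fh, '<', $file ) ) {
        # No trailing "\n" here: the message ends up inside the one-line
        # plugin result, and a newline would cut that line in two.
        push @unknowns, "can't open $file: $!";
        return;
    }
    my $line = <$fh>;
    close $fh;

    chomp $line if defined $line;
    if ( ! defined $line || $line eq '' ) {
        # Previously an empty file returned silently, the caller skipped
        # the check, and the plugin reported Ok.
        push @unknowns, "no password found in $file";
        return;
    }
    return $line;
}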

