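#!/bin/sh
#
# Nagios plugin: check the validity window of DNSSEC signatures (RRSIG records).
#
# Usage: $0 [axfr [SERVER]]
#   (no argument)  read the signed zone files listed by `make -VSIGNED`
#   axfr           transfer every zone named by `make -VSIGNED:R:T` from 127.0.0.1
#   axfr SERVER    same, but transfer from SERVER
#
# The Makefile in /etc/namedb/ must define EXPIRY, a relative date that GNU
# date understands; it is the minimum remaining lifetime a signature must have.
#
# Exit status (Nagios plugin convention, values come from utils.sh):
#   OK        no signature expires before now + EXPIRY and no inception is
#             later than five minutes ago
#   WARNING   at least one signature is outside that window
#   CRITICAL  the earliest expiry is also before now + EXPIRY - 1 day
#   UNKNOWN   the thresholds could not be computed, no signature was read, or
#             a signature carried timestamps that are not 14 digits
#
# Changes compared with the previous revision:
#   * the awk program is a literal; shell values reach it through -v instead
#     of being spliced into the program text
#   * RRSIG timestamps are checked to be exactly 14 digits before they are
#     placed in a gdate command line (zone data may come from another server)
#   * the inception error reports the inception field ($10), not the expiry
#   * an empty input no longer reports "All 0 signatures are OK"
#   * expansions passed to dig are quoted

. /usr/local/libexec/nagios/utils.sh

cd /etc/namedb/ || {
  echo "cannot change directory to /etc/namedb/"
  exit "${STATE_UNKNOWN:-3}"
}

expiry=$(/usr/bin/make -VEXPIRY)
date_warn=$(/usr/local/bin/gdate -u -d "$expiry" +"%Y%m%d%H%M%S")
date_crit=$(/usr/local/bin/gdate -u -d "$expiry - 1 day" +"%Y%m%d%H%M%S")
# "now" is taken five minutes in the past, just in case now is too late
now=$(/usr/local/bin/gdate -u -d "5 minutes ago" +"%Y%m%d%H%M%S")

# A failed gdate leaves an empty threshold; comparing against it would be
# meaningless, so stop here instead of producing a verdict.
if [ -z "$date_warn" ] || [ -z "$date_crit" ] || [ -z "$now" ]; then
  echo "cannot compute the signature thresholds (EXPIRY='$expiry')"
  exit "${STATE_UNKNOWN:-3}"
fi

# The awk process is the last command of the pipeline, so its exit status is
# the status of the plugin.
# NOTE(review): the exit status of dig is not checked; when several zones are
# transferred, a failed transfer of one of them goes unnoticed as long as
# another zone yields signatures.
(
  if [ "${1:-}" = "axfr" ]; then
    server=${2:-127.0.0.1}
    # Word splitting is intended: make prints a space-separated list of zones.
    for zone in $(/usr/bin/make -VSIGNED:R:T); do
      dig +noall +answer axfr "@$server" "$zone"
    done
  else
    # Word splitting is intended (list of files). stdin is /dev/null so that
    # an empty list cannot leave cat waiting on the terminal or the scheduler.
    cat $(/usr/bin/make -VSIGNED) </dev/null
  fi
) | /usr/bin/awk \
  -v now="$now" \
  -v date_warn="$date_warn" \
  -v date_crit="$date_crit" \
  -v expiry="$expiry" \
  -v state_ok="${STATE_OK:-0}" \
  -v state_warning="${STATE_WARNING:-1}" \
  -v state_critical="${STATE_CRITICAL:-2}" \
  -v state_unknown="${STATE_UNKNOWN:-3}" '
  # True when s is exactly 14 decimal digits (YYYYMMDDHHMMSS).
  function is_stamp(s) {
    return (length(s) == 14 && s ~ /^[0-9]+$/)
  }

  # Run cmd through the shell and return its first output line, "" on failure.
  function first_line(cmd,    out) {
    out = ""
    if ((cmd | getline out) <= 0) {
      out = ""
    }
    close(cmd)
    return out
  }

  # Convert a YYYYMMDDHHMMSS stamp to a Unix timestamp with gdate.
  # The stamp is re-checked here because it becomes part of a command line.
  function to_epoch(stamp,    day, clock) {
    if (!is_stamp(stamp)) {
      return ""
    }
    day = substr(stamp, 1, 4) "-" substr(stamp, 5, 2) "-" substr(stamp, 7, 2)
    clock = substr(stamp, 9, 2) ":" substr(stamp, 11, 2) ":" substr(stamp, 13, 2)
    return first_line("/usr/local/bin/gdate -u -d \"" day " " clock "\" +%s")
  }

  # Format a number of seconds as [Nd][HHh][MMm]SSs, omitting leading zero units.
  function datetostr(diff,    ret, go) {
    ret = ""
    go = 0
    if (int(diff / 86400) > 0) {
      go = 1
      ret = sprintf("%dd", int(diff / 86400))
    }
    if (go == 1 || int(diff % 86400 / 3600) > 0) {
      go = 1
      ret = sprintf("%s%02dh", ret, int(diff % 86400 / 3600))
    }
    if (go == 1 || int(diff % 3600 / 60) > 0) {
      ret = sprintf("%s%02dm", ret, int(diff % 3600 / 60))
    }
    ret = sprintf("%s%02ds", ret, int(diff % 60))
    return ret
  }

  BEGIN {
    # thresholds arrive as strings through -v; force numeric comparison
    now += 0
    date_warn += 0
    date_crit += 0
    # expiration
    expir = 0
    expir_count = 0
    expir_ok = 0
    # inception
    incep = 0
    incep_count = 0
    incep_ok = 0
    # count
    sig_count = 0
    bad_count = 0
    # warn or crit
    crit = 0
  }

  $4 == "SOA" {
    # store the zone in case of error
    zone = $1
  }

  # Field layout assumed for an RRSIG line:
  #   $1 owner, $9 signature expiration, $10 signature inception
  $4 == "RRSIG" {
    # Records whose timestamps are not 14 digits are set aside and reported
    # at the end; they never reach a comparison or a command line.
    if (!is_stamp($9) || !is_stamp($10)) {
      if (bad_count == 0) {
        bad_zone = zone
        bad_enr = $1
      }
      bad_count = bad_count + 1
      next
    }

    sig_count = sig_count + 1

    # for OK result
    if ($9 < expir_ok || expir_ok == 0) {
      # store the first to expire
      expir_ok = $9
      expir_enr = $1
    }
    if ($10 > incep_ok) {
      # store the last to have been created
      incep_ok = $10
      incep_enr = $1
    }

    # those are errors :
    # an inception later than "now" is a very bad thing
    if ($10 > now) {
      if ($10 > incep) {
        # report the inception field; the previous revision printed $9 here
        error = "zone " zone " has record " $1 " with inception in the future at " $10
        incep = $10
      }
      incep_count = incep_count + 1
    }

    # if the expiration date is before the allowed one, and there is no
    # inception error, store that error message
    if ($9 < date_warn && incep_count == 0) {
      if ($9 < expir || expir == 0) {
        error = "zone " zone " has record " $1 " expiring at " $9 ", less than " expiry
        expir = $9
        if ($9 < date_crit) {
          crit = 1
        }
      }
      expir_count = expir_count + 1
    }
  }

  END {
    now_ts = first_line("/usr/local/bin/gdate -u +%s")

    if (expir_count == 0 && incep_count == 0) {
      # Fail closed: unreadable or missing signatures are not "OK".
      if (bad_count > 0) {
        print "zone " bad_zone " has " bad_count " RRSIG record(s) with unparsable timestamps, first is " bad_enr
        exit state_unknown
      }
      if (sig_count == 0) {
        print "no RRSIG record found in the input"
        exit state_unknown
      }

      # get unix timestamps for the first expiration and last inception
      expir_ts = to_epoch(expir_ok)
      incep_ts = to_epoch(incep_ok)
      # and print all good :-)
      print "All " sig_count " signatures are OK (first expiry : " expir_enr " at " expir_ok " in " datetostr(expir_ts - now_ts) ") (last inception : " incep_enr " at " incep_ok ", " datetostr(now_ts - incep_ts) " ago)"
      exit state_ok
    }

    # if there are inception errors, show the right count
    if (incep_count > 0) {
      incep_ts = to_epoch(incep)
      incep_diff = now_ts - incep_ts
      if (incep_diff < 0) {
        # inception really is ahead of the wall clock: say when, not "ago"
        print error ", in " datetostr(-incep_diff)
      } else {
        incep_str = int(incep_diff / 86400) "d" int(incep_diff % 86400 / 3600) "h" int(incep_diff % 3600 / 60) "m" int(incep_diff % 60) "s"
        print error ", " incep_str " ago"
      }
      if (incep_count > 1) {
        print " (" (incep_count - 1) " other)"
      }
    } else {
      expir_ts = to_epoch(expir)
      print error ", in " datetostr(expir_ts - now_ts)
      if (expir_count > 1) {
        print " (" (expir_count - 1) " other)"
      }
    }

    if (crit == 0) {
      exit state_warning
    } else {
      exit state_critical
    }
  }
'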