问题
I'm writing a Nagios plugin that use xml output from sslyze to calculate SSL score based on Qualys Server Rating Guide.
Here're my code:
if certificateMatchesServerHostname == 'True' and expire_in.days > 0 and validationResult == 'ok':
...
final_score = protocol_score * 0.3 + key_score * 0.3 + cipher_score * 0.4
return [nap.Metric('sslscore', final_score, min=0, max=100)]
elif certificateMatchesServerHostname != 'True':
return [nap.Metric('serverHostname', hostnameValidation[0].attrib['serverHostname'])]
elif expire_in.days <= 0:
return [nap.Metric('expireInDays', expire_in.days)]
elif validationResult != 'ok':
return [nap.Metric('validationResult', validationResult)]
@nap.guarded
def main():
check = nap.Check(
SslConfiguration(),
nap.ScalarContext('sslscore', nap.Range('@65:80'), nap.Range('@0:65')),
nap.ScalarContext('serverHostname', fmt_metric='The certificate does not match the host name {value}'),
nap.ScalarContext('expireInDays', nap.Range('@:0'), fmt_metric='The certificate expired {value} days ago'),
nap.ScalarContext('validationResult', fmt_metric='This server\'s certificate is not trusted: {value}'))
check.main(timeout=60)
The reason I have to use multiple ScalarContext is I would like to show different fmt_metric if there is a problem with SSL certificate: does not match, expired, not trust, ...
With the above code, the output looks something like this:
SSLCONFIGURATION CRITICAL - The certificate does not match the host name a.b.c.d (outside range 0:)
critical: The certificate does not match the host name a.b.c.d (outside range 0:)
| serverHostname=a.b.c.d
What I really want to display is:
SSLCONFIGURATION CRITICAL - final_score is 0 (The certificate does not match the host name a.b.c.d) | sslscore=0;@65:80;@65;0;100
So, I have some questions:
How can I display different
fmt_metricbased on the sslscore value, in only one contextsslscore?How to remove the redundant line (2nd)?
critical: The certificate does not match the host name a.b.c.d (outside range 0:)How to move the metric (3rd line) to at the end of the first line?
回答1:
With a help from my friend, I finally solved the problem.
About the first question, we can use the nagiosplugin.summary module to change the status line, something like this:
class SslConfiguration(nap.Resource):
def __init__(self, host, port):
self.host = host
self.port = port
def check(self):
...
if hostname_validation.startswith('OK') and expire_in.days > 0 and is_trusted == 'OK':
final_score = protocol_score * 0.3 + key_score * 0.3 + cipher_score * 0.4
else:
final_score = 0
return (hostname_validation, is_trusted, expire_in.days, final_score)
def probe(self):
if self.check()[3] > 0:
return [nap.Metric('sslscore', self.check()[3])]
elif not self.check()[0].startswith('OK'):
return [nap.Metric('sslscore', 0, context='serverHostname')]
elif self.check()[1] != 'OK':
return [nap.Metric('sslscore', 0, context='validationResult')]
elif self.check()[2] <= 0:
return [nap.Metric('sslscore', 0, context='expireInDays')]
class SslSummary(nap.Summary):
def __init__(self, host, port):
self.host = host
self.port = port
def status_line(self, results):
ssl_configuration = SslConfiguration(self.host, self.port)
if results['sslscore'].context.name == 'serverHostname':
return "sslscore is 0 ({0})".format(ssl_configuration.check()[0])
elif results['sslscore'].context.name == 'validationResult':
return "sslscore is 0 ({0})".format(ssl_configuration.check()[1])
elif results['sslscore'].context.name == 'expireInDays':
return "sslscore is 0 (The certificate expired {0} days ago)".format(ssl_configuration.check()[2])
def problem(self, results):
return self.status_line(results)
The second and third question can be solved by setting the verbose parameter of main() to zero:
@nap.guarded
def main():
parser = argparse.ArgumentParser()
parser.add_argument('-H', '--host', type=str, required=True)
parser.add_argument('-p', '--port', type=int, default=443)
parser.add_argument('-v', '--verbose', action='count', default=0, help="increase output verbosity (use up to 3 times)")
parser.add_argument('-t', '--timeout', type=int, default=60)
args = parser.parse_args()
check = nap.Check(
SslConfiguration(args.host, args.port),
nap.ScalarContext('sslscore', nap.Range('@65:80'), nap.Range('@0:65')),
nap.ScalarContext('serverHostname', nap.Range('@65:80'), nap.Range('@0:65')),
nap.ScalarContext('validationResult', nap.Range('@65:80'), nap.Range('@0:65')),
nap.ScalarContext('expireInDays', nap.Range('@65:80'), nap.Range('@0:65')),
SslSummary(args.host, args.port))
check.main(args.verbose, args.timeout)
Now the output can help sysadmin to know what is going on:
check_ssl_configuration.py -H google.com
SSLCONFIGURATION OK - sslscore is 87 | sslscore=87.0;@65:80;@65
check_ssl_configuration.py -H 173.194.127.169
SSLCONFIGURATION CRITICAL - sslscore is 0 (FAILED - Certificate does NOT match 173.194.127.169) | sslscore=0;@65:80;@65
来源:https://stackoverflow.com/questions/23976631/nagiosplugin-how-to-show-different-fmt-metric-based-on-the-value