#!/usr/bin/perl

###################################################################
# filename : check_vpn_netasq.pl                                  #
# version  : 01                                                   #
# Il faut (héla) activer "securite+SSH+Acces par mot de passe".  #
# Il faut faire une regle de filtrage pour protection.            #
# L'option WARNING ne sert a rien, seul l'état critical est pris  #
# en compte.                                                      #
# By : Laurent ARCHAMBAULT <archi.laurent@gmail.com>              #
#                                                                 #
# define command{                                                 #
#command_name	check_vpn                                         #
#command_line	sudo $USER1$/check_vpn_netasq.pl -H 192.168.1.254 -u admin -p mandrake -w 2 -c 2
#}
#                                                                 #
# history : 01 publication                                        #
###################################################################

use strict;
#use warnings;
use Nagios::Plugin;
use Net::OpenSSH;

# preparation pour nagios::pugin
##############################################################################
my $plugin = Nagios::Plugin->new(
        usage   => "Usage: %s -H <host> -p <password> -c <critical>",
        version => '0.1',
        blurb   => 'Script to check Netasq (VPN) ',
        plugin  => 'check_vpn_netasq',
        url     => 'Created by Laurent ARCHAMBAULT <archi.laurent@gmail.com>',
        timeout => '15'
);

$plugin->add_arg(spec => 'host|H=s',help     => "-H, --host=ADDRESSE\n   Addresse(hôte)",required  => 1);
$plugin->add_arg(spec => 'username|u=s',help => "-u, --username=STRING\n   User SSH",    required  => 1);
$plugin->add_arg(spec => 'password|p=s',help => "-u, --password=STRING\n   User SSH password",required  => 1);
# cette ligne est presente mais ne sert a rien pour les VPN (non utilise)
$plugin->add_arg(spec => 'warning|w=s', help => "-w, --warning=STRING\n   Warning value");
$plugin->add_arg(spec => 'critical|c=s',help => "-c, --critical=STRING\n   Critical value");

$plugin->getopts();
my $opts = $plugin->opts();

$SIG{ALRM} = sub { $plugin->nagios_exit(UNKNOWN, "Timeout reached"); };
alarm $opts->get('timeout');

#########################################################

my $host        = $opts->get('host');
my $username    = $opts->get('username');
my $mdp         = $opts->get('password');	
my $crit         = int($opts->get('critical'));	

##########################################################
# Affichage finale vs Nagios
sub nagios_end {
        my ($code, $message) = $plugin->check_messages();
        $plugin->nagios_exit($code, $message);
	}
###########################################################
# Connection SSH
my $ssh = Net::OpenSSH->new($host,
        	user                => $username,
        	passwd		    => $mdp,
		port                => 22,
        	kill_ssh_on_timeout => 1,
        	timeout             => 30,
		);

####################################################################################################################
# vs longer :
#$plugin->nagios_exit(UNKNOWN, "ERROR SSH/Netasq ".$host." (Error: ".$ssh->error.")") if ( $ssh->error );
# vs lighter :
$plugin->nagios_exit(UNKNOWN, "ERROR SSH/Netasq ".$host) if ( $ssh->error );

        # Recuperation du status
        #my $return_status = $ssh->capture("showSAD | grep -E \"(mature|larval)\"");
        my $return_status = $ssh->capture("showSAD | grep -E \"(mature)\"");
	# il faut extraire les données de : globalvpn: active=00 name="" sync=1
        $return_status =~ m/.*active=([1-9]+|[0]).*sync=([0-9]+)/;
	
	my $temp = $1;	
	if ($return_status =="" ) { $temp = "0"; }

	# Test critique ou pas :	
	if ($temp < $crit)   {  $plugin->add_message(CRITICAL, "VPN=".$temp ." - " .$return_status);
	} else {           $plugin->add_message(OK, "VPN=".$1 ." - " .$return_status);	}

	
# Et voilà quoi qu'il arrive on sort
&nagios_end;