aboutsummaryrefslogblamecommitdiff
path: root/libexec/check_ftp
blob: ca444209e87ed5c3637bfb54124bb85ea341dfd4 (plain) (tree)
1
2

      


















                                                                               


                                                                         











                                    
                                      




                        
                      






                                                                               

                                              















































                                                                               
                                                      











                                                                              
#!perl
#
# Copyright (C) 2020--2021 Tom Ryder <tom@sanctum.geek.nz>
#
# This file is part of nagios-check-ftp.
#
# nagios-check-ftp is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option) any
# later version.
#
# nagios-check-ftp is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along with
# nagios-check-ftp.  If not, see <https://www.gnu.org/licenses/>.
#

#
# Check that we can connect to an FTP server, with opportunistic TLS; the
# check_ftp plugin that comes with Monitoring::Plugin doesn't do this.
#
package main;

# Force me to write this properly
use strict;
use warnings;
use utf8;

# Require at least this Perl version
use 5.010_001;

# Import required modules
use English qw(-no_match_vars);
use Exception::Class qw(TLSException);
use Monitoring::Plugin;
use Net::FTP;
use Try::Tiny;

# Decree package version
our $VERSION = '1.01';

# Add description and license package variables
our $DESCRIPTION = <<'EOF';
This plugin makes an FTP connection to a nominated server, optionally including
a STARTTLS upgrade for FTPS.  It does not support implicit FTPS.
EOF
our $LICENSE = <<'EOF';
GNU General Public License, Version 3 or newer
<https://www.gnu.org/licenses/gpl-3.0.html>
EOF

# Custom plugin options
our @OPTS = (
    {
        spec    => 'hostname|H=s',
        help    => 'FTP server hostname or address',
        label   => 'HOSTNAME',
        default => 'localhost',
    },
    {
        spec  => 'starttls|S:s',
        help  => 'Try STARTTLS with optional specified hostname',
        label => 'HOSTNAME',
    },
);

# Build Monitoring::Plugin object
my $mp = Monitoring::Plugin->new(
    usage   => 'Usage: %s [--hostname|h HOSTNAME] [--starttls|S [SERVERNAME]]',
    version => $VERSION,
    blurb   => $DESCRIPTION,
    license => $LICENSE,
);

# Anything that dies in here raises ->plugin_die
try {

    # Add and read custom options
    for my $opt (@OPTS) {
        $mp->add_arg( %{$opt} );
    }
    $mp->getopts;

    # Start counting down to timeout
    alarm $mp->opts->timeout;

    # Attempt FTP connection
    my %opts;
    if ( length $mp->opts->starttls ) {
        $opts{SSL_verifycn_name} = $mp->opts->starttls;
    }
    defined( my $ftp = Net::FTP->new( $mp->opts->hostname, %opts ) )
      or $mp->plugin_exit( CRITICAL => 'Failed connect' );

    # If we connected and the server reports that it supports TLS, try it
    if ( defined $mp->opts->starttls ) {
        my $ssl = $ftp->can_ssl
          or TLSException->throw('Client can\'t TLS');
        $ftp->feature('AUTH TLS')
          or $mp->add_message( WARNING => 'AUTH TLS not listed in features' );
        $ftp->starttls
          or $mp->add_message( WARNING => $ssl->errstr || 'STARTTLS error' );
    }
    $mp->plugin_exit( $mp->check_messages );
}
catch {
    $mp->plugin_die($_);
};

1;