From c5c13fa16d7ab2a7577c676ec537e50ced813b7b Mon Sep 17 00:00:00 2001
From: Tom Ryder <tom@sanctum.geek.nz>
Date: Sat, 25 Apr 2020 04:43:17 +1200
Subject: Version 1.00

---
 libexec/check_ftp | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100644 libexec/check_ftp

(limited to 'libexec')

diff --git a/libexec/check_ftp b/libexec/check_ftp
new file mode 100644
index 0000000..a36dfd3
--- /dev/null
+++ b/libexec/check_ftp
@@ -0,0 +1,96 @@
+#!perl
+#
+# Check that we can connect to an FTP server, with opportunistic TLS; the
+# check_ftp plugin that comes with Monitoring::Plugin doesn't do this.
+#
+# Author: Tom Ryder <tom@sanctum.geek.nz>
+# License: MIT
+#
+package main;
+
+# Force me to write this properly
+use strict;
+use warnings;
+use utf8;
+
+# Require at least this Perl version
+use 5.010_001;
+
+# Import required modules
+use English qw(-no_match_vars);
+use Exception::Class ( PluginException => { alias => 'throw' } );
+use Monitoring::Plugin;
+use Net::FTP;
+use Try::Tiny;
+
+# Decree package version
+our $VERSION = '1.00';
+
+# Add description and license package variables
+our $DESCRIPTION = <<'EOF';
+This plugin makes an FTP connection to a nominated server, optionally including
+a STARTTLS upgrade for FTPS.  It does not support implicit FTPS.
+EOF
+our $LICENSE = <<'EOF';
+MIT License <https://opensource.org/licenses/MIT>
+EOF
+
+# Custom plugin options
+our @OPTS = (
+    {
+        spec    => 'hostname|H=s',
+        help    => 'FTP server hostname or address',
+        label   => 'HOSTNAME',
+        default => 'localhost',
+    },
+    {
+        spec  => 'starttls|S:s',
+        help  => 'Try STARTTLS with optional specified hostname',
+        label => 'HOSTNAME',
+    },
+);
+
+# Build Monitoring::Plugin object
+my $mp = Monitoring::Plugin->new(
+    usage   => 'Usage: %s [--hostname|h HOSTNAME] [--starttls|S [SERVERNAME]]',
+    version => $VERSION,
+    blurb   => $DESCRIPTION,
+    license => $LICENSE,
+);
+
+# Anything that dies in here raises ->plugin_die
+try {
+
+    # Add and read custom options
+    for my $opt (@OPTS) {
+        $mp->add_arg( %{$opt} );
+    }
+    $mp->getopts;
+
+    # Start counting down to timeout
+    alarm $mp->opts->timeout;
+
+    # Attempt FTP connection
+    my %opts;
+    if ( length $mp->opts->starttls ) {
+        $opts{SSL_verifycn_name} = $mp->opts->starttls;
+    }
+    defined( my $ftp = Net::FTP->new( $mp->opts->hostname, %opts ) )
+      or $mp->plugin_exit( CRITICAL => 'Failed connect' );
+
+    # If we connected and the server reports that it supports TLS, try it
+    if ( defined $mp->opts->starttls ) {
+        my $ssl = $ftp->can_ssl
+          or throw 'Client can\'t TLS';
+        $ftp->feature('AUTH TLS')
+          or $mp->add_message( WARNING => 'AUTH TLS not listed in features' );
+        $ftp->starttls
+          or $mp->add_message( WARNING => $ssl->errstr || 'STARTTLS error' );
+    }
+    $mp->plugin_exit( $mp->check_messages );
+}
+catch {
+    $mp->plugin_die($_);
+};
+
+1;
-- 
cgit v1.2.3