#!/bin/sh
#
# This script connects to an SFTP account that should be chrooted to its home
# directory and tries to access files outside of it. It fails if it can access
# outside files, and succeeds if it cannot.
#
# This script assumes you have set up a passwordless SSH key for the host given
# to -H
#
# Copyleft Gabriel Filion
#
# This plugin is released under the GPL v3+ license. To get a copy of the
# license text visit: https://www.gnu.org/licenses/gpl-3.0.txt
#
# Settings filled in by the command-line options handled further down.
# host and username have no default and must be supplied by the caller.
host=""
username=""
# Path requested from the remote account; it lies outside any chrooted home
# directory, so a working chroot must not be able to serve it.
file="/etc/passwd"
# Print a diagnostic message on stderr, but only when DEBUG is non-empty.
# Arguments: $1 - message text
# Returns:   0 whether or not debugging is enabled
debug () {
  # Guard clause: stay silent (and successful) unless debugging was requested.
  [ -n "$DEBUG" ] || return 0
  echo "$1" >&2
}
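# Parse the command line. Every recognised option takes exactly one value.
#
# The parameters are walked with "$1"/shift rather than by looping over an
# unquoted $*. The old loop iterated over a word-split snapshot of the
# arguments while reading values from "$2", so the two views drifted apart as
# soon as an unrecognised word appeared before an option (the option name
# itself could end up stored as the value). It also split values containing
# whitespace.
debug "got args: $*"
while [ $# -gt 0 ]; do
  case "$1" in
    -H)
      if [ -z "$2" ]; then
        echo "UNKNOWN: no value given to argument -H."
        exit 3
      fi
      debug "Setting \$host to: $2"
      host=$2
      shift 2
      ;;
    --user-name)
      if [ -z "$2" ]; then
        echo "UNKNOWN: no value given to argument --user-name."
        exit 3
      fi
      debug "Setting \$username to: $2"
      username=$2
      shift 2
      ;;
    --file-name)
      if [ -z "$2" ]; then
        echo "UNKNOWN: no value given to argument --file-name."
        exit 3
      fi
      debug "Setting \$file to: $2"
      file=$2
      shift 2
      ;;
    *)
      # Unrecognised words are still tolerated, as before, but they are now
      # consumed one at a time so later options stay aligned with their values.
      debug "Ignoring unrecognised argument: $1"
      shift
      ;;
  esac
done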
# Refuse to run the check unless every required setting has a value. Each
# missing setting is reported as UNKNOWN with exit status 3.
[ -n "$host" ] || {
  echo "UNKNOWN: no host specified. Use -H"
  exit 3
}
[ -n "$username" ] || {
  echo "UNKNOWN: no user name specified. Use --user-name"
  exit 3
}
# $file has a default, so it can only be empty if --file-name overrode it.
[ -n "$file" ] || {
  echo "UNKNOWN: no file name specified. check value passed to --file-name"
  exit 3
}
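# Ask the remote account for "$file" and discard the content in /dev/null.
# Only sftp's exit status and its messages matter:
#   - transfer succeeds        -> the chroot is not confining the account
#   - "File ... not found."    -> the file is invisible, as intended
#   - any other failure        -> the check could not run (UNKNOWN)
#
# The destination is passed as one quoted word after "--" so that a user name
# or host value beginning with "-" cannot be read by sftp as an option, and so
# that whitespace in the values is not word-split.
#
# NOTE(review): password authentication is disabled, but nothing here stops
# sftp from waiting on a host-key or passphrase prompt; consider adding
# -o "BatchMode yes" after confirming it suits the monitored hosts.
if output=$(sftp -q -o "PasswordAuthentication no" -- "$username@$host:$file" /dev/null 2>&1); then
  echo "CRITICAL: file $file is currently visible!"
  # Monitoring plugin convention: 2 is CRITICAL, 1 would be read as WARNING.
  # The previous "exit 1" under-reported a broken chroot.
  exit 2
fi
# Fixed-string match (-F): the file name is data, not a regular expression,
# so characters such as "[" or "*" in it cannot distort the comparison.
if ! printf "%s" "$output" | grep -F -q -- "File \"$file\" not found."; then
  echo "UNKNOWN: Connection failure: $output"
  exit 3
fi
echo "OK: File '$file' not found."
exit 0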