forked from djmitche/pynsca
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pynsca.py
executable file
·178 lines (153 loc) · 6.69 KB
/
pynsca.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
#!/usr/bin/env python
# The contents of this file are subject to the Mozilla Public License
# Version 1.1 (the "License"); you may not use this file except in
# compliance with the License. You may obtain a copy of the License at
# http://www.mozilla.org/MPL/
#
# Software distributed under the License is distributed on an "AS IS"
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
# License for the specific language governing rights and limitations
# under the License.
#
# The Original Code is pynsca.
#
# The Initial Developer of the Original Code is Dustin J. Mitchell. Portions
# created by Dustin J. Mitchell are Copyright (C) Mozilla, Inc. All Rights
# Reserved.
#
# Alternatively, the contents of this file may be used under the terms of the
# GNU Public License, Version 2 (the "GPLv2 License"), in which case the
# provisions of GPLv2 License are applicable instead of those above. If you
# wish to allow use of your version of this file only under the terms of the
# GPLv2 License and not to allow others to use your version of this file under
# the MPL, indicate your decision by deleting the provisions above and replace
# them with the notice and other provisions required by the GPLv2 License. If
# you do not delete the provisions above, a recipient may use your version of
# this file under either the MPL or the GPLv2 License.
import struct, binascii, itertools, socket
# return value constants
OK = 0
UP = 0
WARNING = 1
DOWN = 2
UNREACHABLE = 2
CRITICAL = 2
UNKNOWN = 3
class NSCANotifier(object):
"""
Class to send notifications to a Nagios server via NSCA.
"""
# utilities for below
proto_version = 3
fromserver_fmt = "!128sL"
fromserver_fmt_size = struct.calcsize(fromserver_fmt)
toserver_fmt = "!HxxlLH64s128s514s"
toserver_fmt_size = struct.calcsize(toserver_fmt)
def __init__(self, monitoring_server, monitoring_port=5667, encryption_mode=1, password=None):
self.monitoring_server = monitoring_server
self.monitoring_port = monitoring_port
self.encryption_mode = encryption_mode
self.password = password
def _decode_from_server(self, bytes):
iv, timestamp = struct.unpack(self.fromserver_fmt, bytes)
return iv, timestamp
def _encrypt_packet(self, toserver_pkt, iv, mode, password):
if mode == 1:
cycle = [iv]
if password:
cycle = [iv, password]
for key in cycle:
toserver_pkt = ''.join([chr(p^i)
for p,i in itertools.izip(
itertools.imap(ord, toserver_pkt),
itertools.imap(ord, itertools.cycle(key)))])
elif mode == 16:
import mcrypt
m = mcrypt.MCRYPT('rijndael-256', 'cfb')
iv_size = m.get_iv_size()
key_size = m.get_key_size()
key = ['\0'] * key_size
key[0:len(password)] = password
m.init(''.join(key), iv[:iv_size])
toserver_pkt = ''.join([m.encrypt(x) for x in toserver_pkt])
elif mode == 3:
import Crypto.Cipher.DES3
import Crypto.Util.randpool
password += '\0' * (24 - len(password))
iv_size = 8
if len(iv) >= Crypto.Cipher.DES3.block_size:
iv = iv[:iv_size]
else:
iv += self.random_pool.get_bytes(iv_size - iv)
myDes = Crypto.Cipher.DES3.new(password, Crypto.Cipher.DES3.MODE_CFB,iv)
toserver_pkt = ''.join(myDes.encrypt(toserver_pkt))
#print "toserver_pkt: "+toserver_pkt
elif mode == 0:
return toserver_pkt
else:
print "no supported encryption_mode"
return toserver_pkt
def _encode_to_server(self, iv, timestamp, return_code, host_name,
svc_description, plugin_output, mode=1, password=None):
# note that this will pad the strings with 0's instead of random digits. Oh well.
toserver = [
self.proto_version,
0, # crc32_value
timestamp,
return_code,
self._force_str(host_name),
self._force_str(svc_description),
self._force_str(self._escape_newlines(plugin_output)),
]
# calculate crc32 and insert into the list
crc32 = binascii.crc32(struct.pack(self.toserver_fmt, *toserver))
toserver[1] = crc32
# convert to bytes
toserver_pkt = struct.pack(self.toserver_fmt, *toserver)
# and encode or encrypt
toserver_pkt = self._encrypt_packet(toserver_pkt, iv, mode, password)
return toserver_pkt
def _escape_newlines(self, text):
"""Escape backslash and newlines; see https://github.com/djmitche/pynsca/issues/12#issuecomment-60086643"""
return text.replace('\\', r'\\').replace('\n', r'\n')
def _force_str(self, text):
if isinstance(text, unicode):
return text.encode('utf-8')
return text
def host_result(self, host_name, return_code, plugin_output):
"""
Send a passive host check to the configured monitoring host
Host checks are just service checks with no service listed.
@param host_name: host containing the service
@param return_code: result (e.g., C{OK} or C{CRITICAL})
@param plugin_output: textual output
"""
self.svc_result(host_name, '', return_code, plugin_output)
def svc_result(self, host_name, svc_description, return_code, plugin_output, timeout=5):
"""
Send a service result to the configured monitoring host
Note that the nagios server provides no way to tell if it has actually
processed the check result.
@param host_name: host containing the service
@param svc_description: description of the service with the result
@param return_code: result (e.g., C{OK} or C{CRITICAL})
@param plugin_output: textual output
"""
sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sk.settimeout(timeout)
sk.connect((self.monitoring_server, self.monitoring_port))
# read packet
buf = ''
while len(buf) < self.fromserver_fmt_size:
data = sk.recv(self.fromserver_fmt_size - len(buf))
if not data:
break
buf += data
# make up reply
iv, timestamp = self._decode_from_server(buf)
toserver_pkt = self._encode_to_server(iv, timestamp, return_code,
host_name, svc_description, plugin_output,
self.encryption_mode, self.password)
# and send it
sk.sendall(toserver_pkt)
sk.close()