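#!/bin/bash
#
# check_conntrack.sh - Nagios-style check that counts conntrack entries whose
# source address is not one of this host's own IPv4 addresses.
#
# Usage: check_conntrack.sh [-w WEB_WARN] [-a ALL_WARN]
#   -w  warn when external connections to tcp/80 + tcp/443 exceed this
#       value (default 5000)
#   -a  warn when all external connections exceed this value (default 10000)
#
# Exit status: 0 OK, 1 WARNING, 3 UNKNOWN (bad threshold, no local address
# found, or the conntrack table could not be listed).
#
# Limitation: only IPv4 addresses are collected from ifconfig, so every IPv6
# flow is counted as external.

readonly RET_OK=0
readonly RET_WARN=1
readonly RET_UNKNOWN=3

WEB_WARN=5000
ALL_WARN=10000

# Print an UNKNOWN status line on stdout and stop.
unknown() {
  echo "UNKNOWN - $*"
  exit "$RET_UNKNOWN"
}

while getopts "w:a:" option; do
  case "$option" in
    w) WEB_WARN=$OPTARG ;;
    a) ALL_WARN=$OPTARG ;;
    *) ;; # unknown options stay ignored, as before; getopts reports them on stderr
  esac
done

# Bash evaluates both operands of a numeric comparison as arithmetic
# expressions, so a threshold that is not a plain number would be interpreted
# instead of compared. The values may come from a monitoring agent that
# forwards arguments, so accept digits only and never echo the rejected value
# into the status line.
for threshold in "$WEB_WARN" "$ALL_WARN"; do
  if ! [[ "$threshold" =~ ^[0-9]+$ ]]; then
    unknown "thresholds given with -w/-a must be non-negative integers"
  fi
done
# Force base 10 so a leading zero is not read as octal.
WEB_WARN=$((10#$WEB_WARN))
ALL_WARN=$((10#$ALL_WARN))

# Local IPv4 addresses joined into one ERE alternation. The dots are escaped
# so that "." matches only a literal dot.
MY_IPS=$(/sbin/ifconfig \
  | sed -En 's/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p' \
  | sed 's/\./\\./g' \
  | paste -sd "|" -)

# An empty list would turn the pattern into "src=()", which matches every
# flow and makes the check report 0 external connections. Fail visibly.
[[ -n "$MY_IPS" ]] || unknown "no local IPv4 address found in ifconfig output"

# The trailing group stops a local 10.0.0.1 from also matching 10.0.0.10 or
# 10.0.0.123; after the address comes either end of line or a non-address
# character (awk joins fields without a separator, e.g. "src=1.2.3.4dst=").
readonly LOCAL_SRC_RE="src=(${MY_IPS})([^0-9.]|\$)"

#######################################
# Count conntrack entries whose selected fields do not carry a local source.
# Globals:   LOCAL_SRC_RE (read)
# Arguments: $1 - awk program that prints the field(s) holding src=
#            $2.. - extra filter arguments passed to conntrack -L
# Outputs:   the count on stdout
# Returns:   0 on success, 1 when conntrack failed or no count was produced
#######################################
count_external() {
  local awk_prog=$1
  shift
  local count
  # Stream the table instead of storing it, and leave the subshell with
  # conntrack's own exit status: without this a failed listing (missing
  # binary, insufficient privilege) is counted as 0 flows and reported as OK.
  count=$(
    /usr/sbin/conntrack -L "$@" 2>/dev/null \
      | awk "$awk_prog" \
      | grep -E -c -v -- "$LOCAL_SRC_RE" 2>/dev/null
    exit "${PIPESTATUS[0]}"
  ) || return 1
  [[ "$count" =~ ^[0-9]+$ ]] || return 1
  printf '%s\n' "$count"
}

# For tcp lines the source is field 5, for udp lines field 4; printing both
# covers either layout.
all=$(count_external '{print $4 $5}') \
  || unknown "could not list the conntrack table (conntrack -L failed)"
http=$(count_external '{print $5}' -p tcp --dport 80) \
  || unknown "could not list tcp/80 conntrack entries"
https=$(count_external '{print $5}' -p tcp --dport 443) \
  || unknown "could not list tcp/443 conntrack entries"
web=$((http + https))

perfdata="all=${all};$ALL_WARN web=${web};$WEB_WARN"

if ((all > ALL_WARN)); then
  echo "WARNING - $all external connections | $perfdata"
  exit "$RET_WARN"
fi

if ((web > WEB_WARN)); then
  echo "WARNING - $web external web connections | $perfdata"
  exit "$RET_WARN"
fi

echo "OK - $all external connections, $web external web connections | $perfdata"
exit "$RET_OK"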