-
Notifications
You must be signed in to change notification settings - Fork 116
/
Copy pathcheck_connections.sh
executable file
·120 lines (107 loc) · 2.49 KB
/
check_connections.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#!/usr/bin/env bash
# Author: Jon Schipp <[email protected], [email protected]>
# Nagios Exit Codes
OK=0
WARNING=1
CRITICAL=2
UNKNOWN=3
usage()
{
cat <<EOF
Check the number of connections/sockets in a given state.
Uses iproute2's ss tool to retrieve connections.
Options:
-s State of connection (def: all)
(established, syn-sent, syn-recv, fin-wait-1, fin-wait-2, time-wait,
closed, close-wait, last-ack, listen, and closing)
-f Apply quoted ss expression filter e.g. '( dst 192.168.1/24 and dport >= :1024 )'
-p <type> Set protocol or family type (udp/tcp/inet/inet6)
-c Critical threshold as an integer
-w Warning threshold as an integer
-e Exact count mode (raise CRITICAL if connection != critical, warn is ignored)
Usage: $0 -s established '( sport = :443 )' -w 800 -c 1000
EOF
}
argcheck() {
# if less than n argument
if [ $ARGC -lt $1 ]; then
echo "Missing arguments! Use \`\`-h'' for help."
exit 1
fi
}
if ! command -v ss >/dev/null 2>&1; then
echo -e "ERROR: ss is not installed or not found in \$PATH!"
exit 1
fi
# Define now to prevent expected number errors
STATE=all
CRIT=100
WARN=50
COUNT=0
ARGC=$#
CHECK=0
EXACT=0
argcheck 1
while getopts "hc:s:f:p:w:e" OPTION
do
case $OPTION in
h)
usage
;;
s)
STATE="$OPTARG"
CHECK=1
;;
f)
FILTER="$OPTARG"
CHECK=1
;;
p)
if [[ $OPTARG == tcp ]]; then
PROTOCOL="-t"
elif [[ $OPTARG == udp ]]; then
PROTOCOL="-u"
elif [[ $OPTARG == inet ]]; then
PROTOCOL="-4"
elif [[ $OPTARG == inet6 ]]; then
PROTOCOL="-6"
else
echo "Error: Protocol or family type no valid!"
exit 1
fi
CHECK=1
;;
c)
CRIT="$OPTARG"
CHECK=1
;;
w)
WARN="$OPTARG"
CHECK=1
;;
e)
EXACT=1
;;
\?)
exit 1
;;
esac
done
COUNT=$(ss -n state $STATE $PROTOCOL $FILTER | grep -v 'State\|-Q' | wc -l)
if [ $EXACT -eq 1 ]; then
echo "$COUNT sockets in $STATE state"
if [ $COUNT -ne $CRIT ]; then
exit $CRITICAL
else
exit $OK
fi
elif [ $COUNT -gt $CRIT ]; then
echo "CRITICAL - $COUNT sockets in $STATE state! | connections=$COUNT;$WARN;$CRIT"
exit $CRITICAL
elif [ $COUNT -gt $WARN ]; then
echo "WARNING - $COUNT sockets in $STATE state! | connections=$COUNT;$WARN;$CRIT"
exit $WARNING
else
echo "OK - $COUNT sockets in $STATE state. | connections=$COUNT;$WARN;$CRIT"
exit $OK
fi