#!/usr/bin/perl
#
# Copyright 2012 SPARTA, Inc.  All rights reserved.
# See the COPYING file distributed with this software for details.
#
# dt_trustman
#
#	This script acts as a remote Nagios plugin for monitoring the
#	state of trustman.
#
#	This was written for DNSSEC-Tools.
#
# Revision History
#	1.12.1	Original version	3/2012		(1.0)
#	1.12.2	Modified arguments	6/2012		(1.1)
#		New arguments for trustman.
#

use strict;

use Getopt::Long qw(:config no_ignore_case_always);
# use Net::DNS::SEC::Tools::dnssectools;

#######################################################################
#
# Version information.
#
my $NAME   = "dt_trustman";
my $VERS   = "$NAME version: 1.13.0";
my $DTVERS = "DNSSEC-Tools Version: 1.12";

######################################################################r
#
# Data required for command line options.
#

my %options = ();			# Filled option array.
my @opts =
(
	"Version",			# Display the version number.
	"help",				# Give a usage message and exit.
);

#######################################################################
#
# Nagios return codes.
#
my $RC_NORMAL	= 0;		# Normal return code.
my $RC_WARNING	= 1;		# Warning return code.
my $RC_CRITICAL	= 2;		# Critical return code.
my $RC_UNKNOWN	= 3;		# Unknown return code.

#######################################################################

my $OUTFILE = "/tmp/dt_trustman.out";

#
# Run shtuff.
#
main();
exit($RC_UNKNOWN);

#-----------------------------------------------------------------------------
# Routine:	main()
#
# Purpose:	Main controller routine for dt_trustman.
#
sub main
{
	my $ret;				# Return code from trustman.

	$| = 0;

# out("dt_trustman:  running");

	#
	# Check our options.
	#
	doopts();

	#
	# Find out what trustman has to say.
	#
	$ret = run_trustman();
# out("dt_trustman:  trustman exitted with <$ret>");
	exit($ret);
}

#-----------------------------------------------------------------------------
# Routine:	doopts()
#
# Purpose:	This routine shakes and bakes our command line options.
#
sub doopts
{
	#
	# Parse the command line.
	#
	GetOptions(\%options,@opts) || usage();

	#
	# Show the version number or usage if requested.
	#
	version() if(defined($options{'Version'}));
	usage()   if(defined($options{'help'}));

}

#-----------------------------------------------------------------------------
# Routine:	run_trustman()
#
sub run_trustman
{
	my $out;				# Command's output.
	my $ret;				# Return code from trustman.

	#
	# Get trustman's opinion.
	#
	$out = `/usr/local/bin/trustman -M -k /etc/dnsval.conf`;
	$ret = $? >> 8;
# out("dt_trustman:  trustman out - <$out>");
# out("dt_trustman:  trustman returned <$ret>");

	#
	# Return the command output if it succeeded.
	#
	if($ret == 0)
	{
		print "$out\n";
		return($RC_NORMAL);
	}

	#
	# Handle failed commands...
	#
	print "Unknown error\n";
	return($RC_UNKNOWN);
}

#-----------------------------------------------------------------------------
# Routine:	out()
#
# Purpose:	Temporary output routine.
#
sub out
{
	my $str = shift;

	open(OUT,">>$OUTFILE");
	print OUT "$str\n";
	close(OUT);
}

#----------------------------------------------------------------------
# Routine:	version()
#
sub version
{
	print STDERR "$VERS\n";
	exit($RC_WARNING);
}

#-----------------------------------------------------------------------------
# Routine:	usage()
#
sub usage
{
	print STDERR "$VERS
Copyright 2012 SPARTA, Inc.  All rights reserved.

This script runs trustman to check for key verification of trust anchors.

usage:  dt_trustman [options] <zone>
	options:
		-Version	display program version
		-help		display this message

";

	exit($RC_WARNING);
}

1;

###############################################################################

=pod

=head1 NAME

dt_trustman - Nagios plugin to check for key verification of trust anchors

=head1 SYNOPSIS

  dt_trustman [options] <zone-name>

=head1 DESCRIPTION

B<dt_trustman> is a Nagios plugin used to check for key verification of
trust anchors.
B<dt_trustman> uses B<trustman> to perform the key verification.
The host on which B<dt_trustman> and B<trustman> run must be configured
with DNSSEC-Tools.

B<dt_trustman> passes the following arguments to B<trustman>

    -M -k /etc/dnsval.conf

The filename may have to be adjusted, depending on the individual
installation.

=head1 NAGIOS USE

This is run from a Nagios I<command> object.  These are examples of how the
objects should be defined:


  define command {
      command_name    dt_trustman
      command_line    ssh $HOSTADDRESS$ dt_trustman $ARG1$
  }

  define service {
      service_description   Trustman
      check_command         dt_trustman!uem-sensor
      host_name             uem-sensor
      active_checks_enabled 1
      use                   dnssec-tools-service
  }

=head1 OPTIONS

The following options are recognized by B<dt_trustman>:

=over 4

=item I<-Version>

Display the program version and exit.

=item I<-help>

Display a usage message and exit.

=back

=head1 COPYRIGHT

Copyright 2012 SPARTA, Inc.  All rights reserved.
See the COPYING file included with the DNSSEC-Tools package for details.

=head1 AUTHOR

Wayne Morrison, tewok@tislabs.com

=head1 SEE ALSO

trustman(8),

=cut

