check_xs, Random Monitoring Check Plugins
This is a collection of opinionated monitoring check plugins designed for use with Nagios, Icinga, and similar systems. The aim is not to provide a complete collection of plugins, but rather to fill specific gaps that I personally need.
check_geohashchecks the distance to nearby xkcd Geohashes and Globalhashes.check_resticchecks locally configured restic backups.check_ssh_key_confirmverifies the possibility of logging in to a remote SSH server by providing a username and an SSH public key. SSH operates by the client offering keys to the server, which responds whether it accepts them or not.check_whois_expirychecks a domain's expiration date by retrieving it from the whois entry and alerts when certain thresholds are reached.
Other plugins may already exist for these purposes, but they may not work for me, maybe because they are thousand lines of shell script full of bashism and dependencies on non-standard tools (totally random example). That's why all plugins here are written in Go using the same homegrown library and should work on all Unix-like operating systems Go targets.
Plugins
check_geohash
This plugin checks the distance to nearby xkcd Geohashes and Globalhashes.
Geohashing was introduced in https://xkcd.com/426/, as (a joke) to create daily
geocaches based on a cryptographic hash function. This plugin continues my prior
Prometheus exporter: https://github.com/oxzi/geohashing_exporter
Usage: check_geohash -lat 49.4451 -lon 11.0824
Options:
-dist-crit float
Critical distance (km) (default 5)
-dist-warn float
Warning distance (km) (default 10)
-exit-ok
Unconditionally exit with OK
-globalhash
Check against the Globalhash
-lat float
Latitude of the check reference point (required)
-lon float
Longitude of the check reference point (required)
-timeout duration
Plugin timeout duration (default 1m0s)
-timezone string
Timezone to use instead of the local timezone
-verbose
Produce verbose logging output
-version
Print version and exit
Performance Data:
None.
Examples:
- $ check_geohash -lat 49.4451 -lon 11.0824
OK: No relevant geohashes nearby
- $ check_geohash -lat 49.4451 -lon 11.0824 -dist-crit 25 -dist-warn 100
CRITICAL: Geohashes nearby: 1x CRITICAL: in 0d at 49.594395, 10.896943 in 21.33km <= 25.00km - 1x WARNING: in 1d at 49.062772, 10.589037 in 55.58km <= 100.00km
- $ check_geohash -lat 49.4451 -lon 11.0824 --globalhash -dist-warn 20000
WARNING: Geohashes nearby: 2x WARNING: in 0d at 16.991184, 142.899395 in 11242.04km <= 20000.00km, in 1d at -78.701075, 32.053204 in 14317.85km <= 20000.00kmcheck_restic
This plugin checks locally configured restic backups.
By both checking the time of the last successful snapshot and utilizing restic's
own "restic check", this check plugin is able to give a brief status report
about a restic backup.
Internally, this plugin just executes restic. Either by using a custom restic
wrapper script as the -restic-bin or passing all necessary arguments via
-restic-args, the underlying restic can be configured.
This plugin might need to be executed with evaluated privileges.
Usage: check_restic -restic-bin restic-user-backup-backblaze
Options:
-exit-ok
Unconditionally exit with OK
-restic-args string
Additional arguments to be passed to the restic binary
-restic-bin string
Path to a custom restic binary or a wrapper script (default "restic")
-snapshot-age-crit duration
Latest snapshot age to be considered critical (default 48h0m0s)
-snapshot-age-warn duration
Latest snapshot age to be considered warning (default 24h0m0s)
-timeout duration
Plugin timeout duration (default 1h0m0s)
-verbose
Produce verbose logging output
-version
Print version and exit
Performance Data:
- last_snapshot_unix: Unix timestamp of the last snapshot.
- last_snapshot_age: Time in seconds (s) since the last snapshot.
Examples:
- $ check_restic -restic-bin restic-user-backup-backblaze
OK: Latest snapshot "42aaaaaa" is from 2024-08-03 02:40:02.045653853 +0200 CEST, 21h55m59.071546793scheck_ssh_key_confirm
This plugin verifies the possibility of logging in to a remote SSH server by
providing a username and an SSH public key. SSH operates by the client offering
keys to the server, which responds whether it accepts them or not.
See the ssh-key-confirmer repository, which is the base for this plugin, for
more information: https://github.com/benjojo/ssh-key-confirmer
Usage: check_ssh_key_confirm -hostname SERVER -user USER -user-pub-key PUBKEY
Options:
-exit-ok
Unconditionally exit with OK
-host-pub-key string
SSH server's public key to be optionally checked
-hostname string
Hostname to be checked (required)
-port uint
SSH server port (default 22)
-timeout duration
Plugin timeout duration (default 1m0s)
-user string
User to login as (required)
-user-pub-key string
User's SSH public key (ed25519) to probe (required)
-verbose
Produce verbose logging output
-version
Print version and exit
Performance Data:
- ssh_connection: Time in seconds (s) for the SSH connection.
Examples:
- $ check_ssh_key_confirm -hostname example.com \
-user username -user-pub-key "$(cat ~/.ssh/id_ed25519.pub)"
OK: SSH Public Key is present for "user" at "example.com:22"|[...]
- $ check_ssh_key_confirm -hostname example.com \
-user username -user-pub-key "$(cat ~/.ssh/id_ed25519.pub)"
CRITICAL: SSH Public Key check failed, Key was not accepted|[...]
- $ check_ssh_key_confirm -hostname example.com \
-host-pub-key "$(awk '/^example.com / { print $2, $3 }' ~/.ssh/known_hosts)" \
-user username -user-pub-key "$(cat ~/.ssh/id_ed25519.pub)"
OK: SSH Public Key is present for "user" at "example.com:22"|[...]
- $ check_ssh_key_confirm -hostname codeberg.org \
-user git -user-pub-key "$(cat ~/.ssh/id_ed25519_codeberg_org.pub)"
OK: SSH Public Key is present for "git" at "codeberg.org:22"|[...]check_whois_expiry
This plugin checks a domain's expiration date by retrieving it from the whois
entry and alerts when certain thresholds are reached.
Usage: check_whois_expiry -hostname DOMAIN
Options:
-days-critical uint
Critical amount of days until expiry (default 14)
-days-warning uint
Warning amount of days until expiry (default 30)
-exit-ok
Unconditionally exit with OK
-hostname string
Hostname/Domain to be checked (required)
-timeout duration
Plugin timeout duration (default 1m0s)
-verbose
Produce verbose logging output
-version
Print version and exit
Performance Data:
- expiration_unix: Unix timestamp when the domain will expire.
- remaining: Time in seconds (s) until the expiry.
- whois_lookup_iana: Time in seconds (s) to perform the initial whois lookup
against whois.iana.org to get the TLD specific whois server.
- whois_lookup_tld: Time in seconds (s) to perform the whois lookup at the TLD
specific whois server.
Examples:
- $ check_whois_expiry -hostname codeberg.org
OK: Domain "codeberg.org" expires at 2028-07-05 08:54:30 +0000 UTC in 1549.6 days|[...]
- $ check_whois_expiry -hostname codeberg.org -days-warning 2300
WARNING: Domain "codeberg.org" expires at 2028-07-05 08:54:30 +0000 UTC in 1549.6 days < 2300 days|[...]Install
The only requirement is a recent version of Go, equal to or greater than the one specified in the go.mod file.
After cloning this git repository, you can compile either a specific check plugin or all checks at once.
$ # Build single check
$ go build ./cmd/check_ssh_key_confirm
$ # Build all checks
$ go build -o . ./...The installation of plugins depends on your monitoring setup.
On some systems, all check plugins are located within /usr/local/libexec/nagios/, but this may vary.
CheckCommands for Icinga 2 can be found in contrib/icinga2/commands.conf.
Contributing
Although this is a personal collection of check plugins written to satisfy my monitoring needs, contributions are welcome!
The software is licensed under the MIT license, which is included in the LICENSES/MIT.txt file.
The authorship is tracked using REUSE.
There are parts being reused from other sources, being indicated by a SPDX header, or either being dual-licensed, also indicated through headers and maybe a comment.
Patches can be submitted either through Pull Requests here at Codeberg.org or via email to the email address of the initial commit in the git log (sorry for this lame ass spam protection).
