Add password expiration mysql (#2506)
This commit is contained in:
parent
225d38f713
commit
b9abc869c7
|
@ -0,0 +1,223 @@
|
|||
#
|
||||
# Copyright 2020 Centreon (http://www.centreon.com/)
|
||||
#
|
||||
# Centreon is a full-fledged industry-strength solution that meets
|
||||
# the needs in IT infrastructure and application monitoring for
|
||||
# service performance.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
package database::mysql::mode::passwordexpiration;
|
||||
|
||||
use base qw(centreon::plugins::templates::counter);
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use DateTime;
|
||||
use centreon::plugins::misc;
|
||||
use centreon::plugins::statefile;
|
||||
use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold_ng);
|
||||
|
||||
sub custom_status_output {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
return sprintf(
|
||||
"[user: %s] [password updated: %s] [expired: %s] expire in: %s",
|
||||
$self->{result_values}->{user},
|
||||
scalar(localtime($self->{result_values}->{password_last_changed})),
|
||||
$self->{result_values}->{expire} eq 'never' ? $self->{result_values}->{expire} : $self->{result_values}->{expire} . ' days',
|
||||
centreon::plugins::misc::change_seconds(value => $self->{result_values}->{expire_time})
|
||||
);
|
||||
}
|
||||
|
||||
sub set_counters {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
$self->{maps_counters_type} = [
|
||||
{ name => 'users', type => 2, format_output => '%s user(s) detected', display_counter_problem => { label => 'users', min => 0 },
|
||||
group => [ { name => 'user', skipped_code => { -11 => 1 } } ]
|
||||
}
|
||||
];
|
||||
|
||||
$self->{maps_counters}->{user} = [
|
||||
{ label => 'status', type => 2, critical_default => '%{expire} ne "never" and %{expire_time} == 0', set => {
|
||||
key_values => [
|
||||
{ name => 'user' }, { name => 'expire' },
|
||||
{ name => 'expire_time' }, { name => 'password_last_changed' }
|
||||
],
|
||||
closure_custom_output => $self->can('custom_status_output'),
|
||||
closure_custom_perfdata => sub { return 0; },
|
||||
closure_custom_threshold_check => \&catalog_status_threshold_ng
|
||||
}
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
sub new {
|
||||
my ($class, %options) = @_;
|
||||
my $self = $class->SUPER::new(package => __PACKAGE__, %options);
|
||||
bless $self, $class;
|
||||
|
||||
$options{options}->add_options(arguments => {
|
||||
});
|
||||
|
||||
return $self;
|
||||
}
|
||||
|
||||
sub get_database_timezone {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
$options{sql}->query(
|
||||
query => q{SELECT @@GLOBAL.time_zone, @@system_time_zone}
|
||||
);
|
||||
my @row = $options{sql}->fetchrow_array();
|
||||
my $timezone = $row[0];
|
||||
if ($row[0] eq 'SYSTEM') {
|
||||
$timezone = $row[1];
|
||||
}
|
||||
return $timezone;
|
||||
}
|
||||
|
||||
sub get_expire_time {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
my $current_time = time();
|
||||
my $dt = DateTime->from_epoch(epoch => $options{epoch}, time_zone => $options{timezone});
|
||||
$dt->add(days => $options{days});
|
||||
my $expire_in = $dt->epoch() - time();
|
||||
$expire_in = 0 if ($expire_in < 0);
|
||||
return $expire_in;
|
||||
}
|
||||
|
||||
sub get_password_mariadb {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
my $timezone = $self->get_database_timezone(sql => $options{sql});
|
||||
$options{sql}->query(
|
||||
query => q{show variables like 'default_password_lifetime'}
|
||||
);
|
||||
my ($name, $default_password_lifetime) = $options{sql}->fetchrow_array();
|
||||
|
||||
my $query = q{
|
||||
SELECT Host, User,
|
||||
JSON_EXTRACT(Priv, '$.password_last_changed') as password_last_changed,
|
||||
JSON_EXTRACT(Priv, '$.password_lifetime') as password_lifetime
|
||||
FROM mysql.global_priv
|
||||
};
|
||||
$options{sql}->query(query => $query);
|
||||
my $i = 1;
|
||||
while ((my @row = $options{sql}->fetchrow_array())) {
|
||||
my $expire = 'never';
|
||||
if ((!defined($row[3]) || $row[3] == -1) && $default_password_lifetime > 0) {
|
||||
$expire = $default_password_lifetime;
|
||||
} elsif (defined($row[3]) && $row[3] > 0) {
|
||||
$expire = $row[3];
|
||||
}
|
||||
my $expire_time = 0;
|
||||
if ($expire ne 'never') {
|
||||
$expire_time = $self->get_expire_time(
|
||||
epoch => $row[2],
|
||||
days => $expire,
|
||||
timezone => $timezone
|
||||
);
|
||||
}
|
||||
$self->{users}->{global}->{user}->{$i} = {
|
||||
user => $row[0] . '@' . $row[1],
|
||||
password_last_changed => $row[2],
|
||||
expire => $expire,
|
||||
expire_time => $expire_time
|
||||
};
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
|
||||
sub get_password_mysql {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
my $timezone = $self->get_database_timezone(sql => $options{sql});
|
||||
$options{sql}->query(
|
||||
query => q{show variables like 'default_password_lifetime'}
|
||||
);
|
||||
my ($name, $default_password_lifetime) = $options{sql}->fetchrow_array();
|
||||
|
||||
my $query = q{
|
||||
SELECT User, Host, UNIX_TIMESTAMP(password_last_changed), password_lifetime
|
||||
FROM mysql.user
|
||||
};
|
||||
$options{sql}->query(query => $query);
|
||||
my $i = 1;
|
||||
while ((my @row = $options{sql}->fetchrow_array())) {
|
||||
my $expire = 'never';
|
||||
if (!defined($row[3]) && $default_password_lifetime > 0) {
|
||||
$expire = $default_password_lifetime;
|
||||
} elsif (defined($row[3]) && $row[3] > 0) {
|
||||
$expire = $row[3];
|
||||
}
|
||||
my $expire_time = 0;
|
||||
if ($expire ne 'never') {
|
||||
$expire_time = $self->get_expire_time(
|
||||
epoch => $row[2],
|
||||
days => $expire,
|
||||
timezone => $timezone
|
||||
);
|
||||
}
|
||||
$self->{users}->{global}->{user}->{$i} = {
|
||||
user => $row[0] . '@' . $row[1],
|
||||
password_last_changed => $row[2],
|
||||
expire => $expire,
|
||||
expire_time => $expire_time
|
||||
};
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
|
||||
sub manage_selection {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
$self->{users}->{global} = { user => {} };
|
||||
|
||||
$options{sql}->connect();
|
||||
if ($options{sql}->is_mariadb() && $options{sql}->is_version_minimum(version => '10.4.3')) {
|
||||
$self->get_password_mariadb(sql => $options{sql});
|
||||
} elsif (!$options{sql}->is_mariadb() && $options{sql}->is_version_minimum(version => '5.7.4')) {
|
||||
$self->get_password_mysql(sql => $options{sql});
|
||||
} else {
|
||||
$self->{output}->add_option_msg(short_msg => 'unsupported password policy.');
|
||||
$self->{output}->option_exit();
|
||||
}
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
__END__
|
||||
|
||||
=head1 MODE
|
||||
|
||||
Check user password expiration.
|
||||
|
||||
=over 8
|
||||
|
||||
=item B<--warning-status>
|
||||
|
||||
Set warning threshold for status.
|
||||
Can used special variables like: %{user}, %{expire}, %{expire_time}
|
||||
|
||||
=item B<--critical-status>
|
||||
|
||||
Set critical threshold for status (Default: '%{expire} ne "never" and %{expire_time} == 0').
|
||||
Can used special variables like: %{user}, %{expire}, %{expire_time}
|
||||
|
||||
=back
|
||||
|
||||
=cut
|
|
@ -37,6 +37,7 @@ sub new {
|
|||
'long-queries' => 'database::mysql::mode::longqueries',
|
||||
'myisam-keycache-hitrate' => 'database::mysql::mode::myisamkeycachehitrate',
|
||||
'open-files' => 'database::mysql::mode::openfiles',
|
||||
'password-expiration' => 'database::mysql::mode::passwordexpiration',
|
||||
'qcache-hitrate' => 'database::mysql::mode::qcachehitrate',
|
||||
'queries' => 'database::mysql::mode::queries',
|
||||
'replication' => 'database::mysql::mode::replication',
|
||||
|
|
Loading…
Reference in New Issue