Add password expiration mysql (#2506)
This commit is contained in:
parent
225d38f713
commit
b9abc869c7
|
@ -0,0 +1,223 @@
|
||||||
|
#
|
||||||
|
# Copyright 2020 Centreon (http://www.centreon.com/)
|
||||||
|
#
|
||||||
|
# Centreon is a full-fledged industry-strength solution that meets
|
||||||
|
# the needs in IT infrastructure and application monitoring for
|
||||||
|
# service performance.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
package database::mysql::mode::passwordexpiration;
|
||||||
|
|
||||||
|
use base qw(centreon::plugins::templates::counter);
|
||||||
|
|
||||||
|
use strict;
|
||||||
|
use warnings;
|
||||||
|
use DateTime;
|
||||||
|
use centreon::plugins::misc;
|
||||||
|
use centreon::plugins::statefile;
|
||||||
|
use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold_ng);
|
||||||
|
|
||||||
|
sub custom_status_output {
|
||||||
|
my ($self, %options) = @_;
|
||||||
|
|
||||||
|
return sprintf(
|
||||||
|
"[user: %s] [password updated: %s] [expired: %s] expire in: %s",
|
||||||
|
$self->{result_values}->{user},
|
||||||
|
scalar(localtime($self->{result_values}->{password_last_changed})),
|
||||||
|
$self->{result_values}->{expire} eq 'never' ? $self->{result_values}->{expire} : $self->{result_values}->{expire} . ' days',
|
||||||
|
centreon::plugins::misc::change_seconds(value => $self->{result_values}->{expire_time})
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
sub set_counters {
|
||||||
|
my ($self, %options) = @_;
|
||||||
|
|
||||||
|
$self->{maps_counters_type} = [
|
||||||
|
{ name => 'users', type => 2, format_output => '%s user(s) detected', display_counter_problem => { label => 'users', min => 0 },
|
||||||
|
group => [ { name => 'user', skipped_code => { -11 => 1 } } ]
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
$self->{maps_counters}->{user} = [
|
||||||
|
{ label => 'status', type => 2, critical_default => '%{expire} ne "never" and %{expire_time} == 0', set => {
|
||||||
|
key_values => [
|
||||||
|
{ name => 'user' }, { name => 'expire' },
|
||||||
|
{ name => 'expire_time' }, { name => 'password_last_changed' }
|
||||||
|
],
|
||||||
|
closure_custom_output => $self->can('custom_status_output'),
|
||||||
|
closure_custom_perfdata => sub { return 0; },
|
||||||
|
closure_custom_threshold_check => \&catalog_status_threshold_ng
|
||||||
|
}
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
||||||
|
sub new {
|
||||||
|
my ($class, %options) = @_;
|
||||||
|
my $self = $class->SUPER::new(package => __PACKAGE__, %options);
|
||||||
|
bless $self, $class;
|
||||||
|
|
||||||
|
$options{options}->add_options(arguments => {
|
||||||
|
});
|
||||||
|
|
||||||
|
return $self;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub get_database_timezone {
|
||||||
|
my ($self, %options) = @_;
|
||||||
|
|
||||||
|
$options{sql}->query(
|
||||||
|
query => q{SELECT @@GLOBAL.time_zone, @@system_time_zone}
|
||||||
|
);
|
||||||
|
my @row = $options{sql}->fetchrow_array();
|
||||||
|
my $timezone = $row[0];
|
||||||
|
if ($row[0] eq 'SYSTEM') {
|
||||||
|
$timezone = $row[1];
|
||||||
|
}
|
||||||
|
return $timezone;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub get_expire_time {
|
||||||
|
my ($self, %options) = @_;
|
||||||
|
|
||||||
|
my $current_time = time();
|
||||||
|
my $dt = DateTime->from_epoch(epoch => $options{epoch}, time_zone => $options{timezone});
|
||||||
|
$dt->add(days => $options{days});
|
||||||
|
my $expire_in = $dt->epoch() - time();
|
||||||
|
$expire_in = 0 if ($expire_in < 0);
|
||||||
|
return $expire_in;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub get_password_mariadb {
|
||||||
|
my ($self, %options) = @_;
|
||||||
|
|
||||||
|
my $timezone = $self->get_database_timezone(sql => $options{sql});
|
||||||
|
$options{sql}->query(
|
||||||
|
query => q{show variables like 'default_password_lifetime'}
|
||||||
|
);
|
||||||
|
my ($name, $default_password_lifetime) = $options{sql}->fetchrow_array();
|
||||||
|
|
||||||
|
my $query = q{
|
||||||
|
SELECT Host, User,
|
||||||
|
JSON_EXTRACT(Priv, '$.password_last_changed') as password_last_changed,
|
||||||
|
JSON_EXTRACT(Priv, '$.password_lifetime') as password_lifetime
|
||||||
|
FROM mysql.global_priv
|
||||||
|
};
|
||||||
|
$options{sql}->query(query => $query);
|
||||||
|
my $i = 1;
|
||||||
|
while ((my @row = $options{sql}->fetchrow_array())) {
|
||||||
|
my $expire = 'never';
|
||||||
|
if ((!defined($row[3]) || $row[3] == -1) && $default_password_lifetime > 0) {
|
||||||
|
$expire = $default_password_lifetime;
|
||||||
|
} elsif (defined($row[3]) && $row[3] > 0) {
|
||||||
|
$expire = $row[3];
|
||||||
|
}
|
||||||
|
my $expire_time = 0;
|
||||||
|
if ($expire ne 'never') {
|
||||||
|
$expire_time = $self->get_expire_time(
|
||||||
|
epoch => $row[2],
|
||||||
|
days => $expire,
|
||||||
|
timezone => $timezone
|
||||||
|
);
|
||||||
|
}
|
||||||
|
$self->{users}->{global}->{user}->{$i} = {
|
||||||
|
user => $row[0] . '@' . $row[1],
|
||||||
|
password_last_changed => $row[2],
|
||||||
|
expire => $expire,
|
||||||
|
expire_time => $expire_time
|
||||||
|
};
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
sub get_password_mysql {
|
||||||
|
my ($self, %options) = @_;
|
||||||
|
|
||||||
|
my $timezone = $self->get_database_timezone(sql => $options{sql});
|
||||||
|
$options{sql}->query(
|
||||||
|
query => q{show variables like 'default_password_lifetime'}
|
||||||
|
);
|
||||||
|
my ($name, $default_password_lifetime) = $options{sql}->fetchrow_array();
|
||||||
|
|
||||||
|
my $query = q{
|
||||||
|
SELECT User, Host, UNIX_TIMESTAMP(password_last_changed), password_lifetime
|
||||||
|
FROM mysql.user
|
||||||
|
};
|
||||||
|
$options{sql}->query(query => $query);
|
||||||
|
my $i = 1;
|
||||||
|
while ((my @row = $options{sql}->fetchrow_array())) {
|
||||||
|
my $expire = 'never';
|
||||||
|
if (!defined($row[3]) && $default_password_lifetime > 0) {
|
||||||
|
$expire = $default_password_lifetime;
|
||||||
|
} elsif (defined($row[3]) && $row[3] > 0) {
|
||||||
|
$expire = $row[3];
|
||||||
|
}
|
||||||
|
my $expire_time = 0;
|
||||||
|
if ($expire ne 'never') {
|
||||||
|
$expire_time = $self->get_expire_time(
|
||||||
|
epoch => $row[2],
|
||||||
|
days => $expire,
|
||||||
|
timezone => $timezone
|
||||||
|
);
|
||||||
|
}
|
||||||
|
$self->{users}->{global}->{user}->{$i} = {
|
||||||
|
user => $row[0] . '@' . $row[1],
|
||||||
|
password_last_changed => $row[2],
|
||||||
|
expire => $expire,
|
||||||
|
expire_time => $expire_time
|
||||||
|
};
|
||||||
|
$i++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
sub manage_selection {
|
||||||
|
my ($self, %options) = @_;
|
||||||
|
|
||||||
|
$self->{users}->{global} = { user => {} };
|
||||||
|
|
||||||
|
$options{sql}->connect();
|
||||||
|
if ($options{sql}->is_mariadb() && $options{sql}->is_version_minimum(version => '10.4.3')) {
|
||||||
|
$self->get_password_mariadb(sql => $options{sql});
|
||||||
|
} elsif (!$options{sql}->is_mariadb() && $options{sql}->is_version_minimum(version => '5.7.4')) {
|
||||||
|
$self->get_password_mysql(sql => $options{sql});
|
||||||
|
} else {
|
||||||
|
$self->{output}->add_option_msg(short_msg => 'unsupported password policy.');
|
||||||
|
$self->{output}->option_exit();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
1;
|
||||||
|
|
||||||
|
__END__
|
||||||
|
|
||||||
|
=head1 MODE
|
||||||
|
|
||||||
|
Check user password expiration.
|
||||||
|
|
||||||
|
=over 8
|
||||||
|
|
||||||
|
=item B<--warning-status>
|
||||||
|
|
||||||
|
Set warning threshold for status.
|
||||||
|
Can used special variables like: %{user}, %{expire}, %{expire_time}
|
||||||
|
|
||||||
|
=item B<--critical-status>
|
||||||
|
|
||||||
|
Set critical threshold for status (Default: '%{expire} ne "never" and %{expire_time} == 0').
|
||||||
|
Can used special variables like: %{user}, %{expire}, %{expire_time}
|
||||||
|
|
||||||
|
=back
|
||||||
|
|
||||||
|
=cut
|
|
@ -37,6 +37,7 @@ sub new {
|
||||||
'long-queries' => 'database::mysql::mode::longqueries',
|
'long-queries' => 'database::mysql::mode::longqueries',
|
||||||
'myisam-keycache-hitrate' => 'database::mysql::mode::myisamkeycachehitrate',
|
'myisam-keycache-hitrate' => 'database::mysql::mode::myisamkeycachehitrate',
|
||||||
'open-files' => 'database::mysql::mode::openfiles',
|
'open-files' => 'database::mysql::mode::openfiles',
|
||||||
|
'password-expiration' => 'database::mysql::mode::passwordexpiration',
|
||||||
'qcache-hitrate' => 'database::mysql::mode::qcachehitrate',
|
'qcache-hitrate' => 'database::mysql::mode::qcachehitrate',
|
||||||
'queries' => 'database::mysql::mode::queries',
|
'queries' => 'database::mysql::mode::queries',
|
||||||
'replication' => 'database::mysql::mode::replication',
|
'replication' => 'database::mysql::mode::replication',
|
||||||
|
|
Loading…
Reference in New Issue