Add ipa_check_consistency script
diff --git a/sensu/files/checks/ipa_check_consistency b/sensu/files/checks/ipa_check_consistency
new file mode 100755
index 0000000..7d345c7
--- /dev/null
+++ b/sensu/files/checks/ipa_check_consistency
@@ -0,0 +1,699 @@
+#!/usr/bin/env bash
+#
+# The script checks consistency across FreeIPA servers.
+# Put BIND password in to ipa_check_consistency.passwd file to stop password
+# prompts.
+#
+# Author: Peter Pakos <peter.pakos@wandisco.com>
+
+set -euo pipefail
+IFS=$'\n'
+
+readonly APP_VER="16.4.8"
+readonly APP_NAME="$(basename "$0")"
+readonly APP_DIR="$(cd "$(dirname "$0")" && pwd)"
+readonly TMP_DIR="$(mktemp -d)"
+declare PASSWD_FILE="${APP_DIR}/$(basename "$0").passwd"
+
+declare -a SERVERS=()
+declare DOMAIN=""
+declare SUFFIX=""
+declare BINDDN="cn=Directory Manager"
+declare BINDPW=""
+declare -i FIRST_COLUMN=20
+declare -i MIDDLE_COLUMNS=5
+declare -i LAST_COLUMN=5
+declare -i NAGIOS=0
+declare WARNING=1
+declare CRITICAL=2
+declare -i CHECKS_NO=11
+
+die() {
+ local msg="${1:-}"
+ local -i code=${2:-1}
+
+ if [[ -n "$msg" ]]; then
+ printf "%s\n" "$msg" >&2
+ fi
+ exit $code
+}
+
+display_version() {
+ printf "%s version %s\n" "$APP_NAME" "$APP_VER"
+}
+
+display_help() {
+ display_version
+ cat <<HELP
+Usage: ${APP_NAME} [OPTIONS]
+AVAILABLE OPTIONS:
+-H List of IPA servers (e.g.: "server1 server2.domain server3")
+ Both short names and FQDNs are supported (FQDN if not within IPA domain)
+-d IPA domain (e.g.: "ipa.domain.com")
+-s LDAP root suffix, if not domain based (default: "dc=ipa,dc=domain,dc=com")
+-D BIND DN (default: cn=Directory Manager)
+-W BIND password (prompt for one if not supplied)
+-p Password file (default: $(basename "$0").passwd)
+-n Nagios plugin mode
+-w Warning threshold (0-${CHECKS_NO}), number of failed checks before alerting (default: 1)
+-c Critical threshold (0-${CHECKS_NO}), number of failed checks before alerting (default: 2)
+-h Print this help summary page
+-v Print version number
+HELP
+}
+
+get_opts() {
+ while getopts ":vhd:D:W:s:p:H:nw:c:" opt; do
+ case $opt in
+ v)
+ display_version
+ exit 0
+ ;;
+ h)
+ display_help
+ exit 0
+ ;;
+ d)
+ DOMAIN="${OPTARG,,}"
+ ;;
+ D)
+ BINDDN="${OPTARG}"
+ ;;
+ W)
+ BINDPW="${OPTARG}"
+ ;;
+ s)
+ SUFFIX="${OPTARG}"
+ ;;
+ p)
+ PASSWD_FILE="${OPTARG}"
+ if [[ ! -r "$PASSWD_FILE" ]]; then
+ die "Unable to open password file ${PASSWD_FILE}, exiting."
+ fi
+ ;;
+ H)
+ IFS=" "
+ SERVERS=($OPTARG)
+ IFS=$'\n'
+ update_cols
+ ;;
+ n)
+ NAGIOS=1
+ ;;
+ w)
+ WARNING="${OPTARG}"
+ ;;
+ c)
+ CRITICAL="${OPTARG}"
+ ;;
+ :)
+ die "Option -${OPTARG} requires an argument"
+ ;;
+ *)
+ die "Invalid option -${OPTARG}"
+ ;;
+ esac
+ done
+}
+
+is_integer() {
+ local var="$1"
+
+ if [[ "$var" =~ ^[-+]?[0-9]+$ ]]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+check_vars() {
+ local -i fail=0 i=0
+
+ if [[ ${#SERVERS[@]} -lt 1 ]]; then
+ printf "Hosts not specified (-H)\n" >&2
+ fail=1
+ fi
+ if [[ -z "$DOMAIN" ]]; then
+ printf "IPA domain not specified (-d)\n" >&2
+ fail=1
+ else
+ if [[ -z "$SUFFIX" ]]; then
+ SUFFIX="dc=${DOMAIN//./,dc=}"
+ fi
+ fi
+ if is_integer "$WARNING"; then
+ if ! [[ $WARNING -ge 0 && $WARNING -le $CHECKS_NO ]]; then
+ printf "Warning threshold (-w) needs to be an integer between 1 and %i\n" $CHECKS_NO >&2
+ fail=1
+ fi
+ else
+ printf "Warning threshold (-w) needs to be an integer\n" >&2
+ fail=1
+ fi
+ if is_integer "$CRITICAL"; then
+ if ! [[ $CRITICAL -ge 0 && $CRITICAL -le $CRITICAL ]]; then
+ printf "Critical threshold (-c) needs to be an integer between 1 and %i\n" $CHECKS_NO >&2
+ fail=1
+ fi
+ else
+ printf "Critical threshold (-w) needs to be an integer\n" >&2
+ fail=1
+ fi
+ if is_integer "$CRITICAL" && is_integer "$WARNING"; then
+ if ! [[ $CRITICAL -ge $WARNING ]]; then
+ printf "Critical threshold (-c) needs to be greater than warning threshold (-w)\n" >&2
+ fail=1
+ fi
+ fi
+
+ if [[ $fail -ne 0 ]]; then
+ die
+ fi
+ for ((i=0; i<${#SERVERS[@]}; i++)); do
+ if ! [[ "${SERVERS[i]}" =~ \. ]]; then
+ SERVERS[i]="${SERVERS[i]}.${DOMAIN}"
+ fi
+ done
+}
+
+get_pass() {
+ if [[ -z "$BINDPW" ]]; then
+ if [[ -r "$PASSWD_FILE" ]]; then
+ BINDPW="$(<"$PASSWD_FILE")"
+ printf "BIND password loaded from file %s\n" "$(basename "$PASSWD_FILE")"
+ else
+ printf "%s password: " "${BINDDN#cn=}"
+ read -rs BINDPW
+ printf "\n"
+ fi
+ fi
+}
+
+validate_pass() {
+ for server in "${SERVERS[@]}"; do
+ if ldapwhoami -ZZ -x -h "$server" -D "$BINDDN" -w "$BINDPW" &>/dev/null; then
+ return 0
+ fi
+ done
+ die "BIND failed to all servers, check connection details and try again."
+}
+
+hr() {
+ local -i len=$(( FIRST_COLUMN + ${#SERVERS[@]} * MIDDLE_COLUMNS + LAST_COLUMN ))
+ local -i i=0
+
+ for((i=1; i<=len; i++)); do
+ printf "="
+ done
+ printf "\n"
+}
+
+display_header() {
+ local server=""
+
+ printf "%-${FIRST_COLUMN}s" "FreeIPA servers:"
+ for server in "${SERVERS[@]}"; do
+ server="${server%%.*}"
+ printf "%-${MIDDLE_COLUMNS}s" "$server"
+ done
+ printf "%-${LAST_COLUMN}s\n" "STATE"
+ hr
+}
+
+is_consistent() {
+ local dir="$1"
+
+ if diff --from-file "$dir"/* &>/dev/null; then
+ printf "OK"
+ else
+ printf "FAIL"
+ fi
+}
+
+query_ldap() {
+ local base="$1"
+ local filter="$2"
+ local attr="$3"
+ local scope="${4:-sub}"
+
+ ldapsearch -ZZ -LLLx -h "${server}" \
+ -D "$BINDDN" -w "$BINDPW" -s "$scope" \
+ -b "$base" "$filter" "$attr" 2>/dev/null
+
+ return $?
+}
+
+active_users() {
+ local server="" count="" state=""
+ local dir="${TMP_DIR}/active_users"
+
+ mkdir -p "$dir"
+ printf "%-${FIRST_COLUMN}s" "Active Users"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! count=$(query_ldap "cn=users,cn=accounts,${SUFFIX}" \
+ "(objectClass=*)" "numSubordinates" "base" \
+ | awk '/numSubordinates: / {print $2}'); then
+ count="ERROR"
+ fi
+ printf "%s" "$count" > "${dir}/${server}"
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ printf "%-${MIDDLE_COLUMNS}s" "$(< "${dir}/${server}")"
+ done
+ state="$(is_consistent "$dir")"
+ printf "%-${LAST_COLUMN}s\n" "$state"
+ if [[ $NAGIOS -eq 1 ]]; then
+ printf "%s\n" "$state" >> "${TMP_DIR}/nagios"
+ fi
+}
+
+staged_users() {
+ local server="" count="" state=""
+ local dir="${TMP_DIR}/staged_users"
+
+ mkdir -p "$dir"
+ printf "%-${FIRST_COLUMN}s" "Stage Users"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! count=$(query_ldap \
+ "cn=staged users,cn=accounts,cn=provisioning,${SUFFIX}" \
+ "(objectClass=*)" "numSubordinates" "base" \
+ | awk '/numSubordinates: / {print $2}'); then
+ count="ERROR"
+ fi
+ printf "%s" "$count" > "${dir}/${server}"
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ printf "%-${MIDDLE_COLUMNS}s" "$(< "${dir}/${server}")"
+ done
+ state="$(is_consistent "$dir")"
+ printf "%-${LAST_COLUMN}s\n" "$state"
+ if [[ $NAGIOS -eq 1 ]]; then
+ printf "%s\n" "$state" >> "${TMP_DIR}/nagios"
+ fi
+}
+
+preserved_users() {
+ local server="" count="" state=""
+ local dir="${TMP_DIR}/preserved_users"
+
+ mkdir -p "$dir"
+ printf "%-${FIRST_COLUMN}s" "Preserved Users"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! count=$(query_ldap \
+ "cn=deleted users,cn=accounts,cn=provisioning,${SUFFIX}" \
+ "(objectClass=*)" "numSubordinates" "base" \
+ | awk '/numSubordinates: / {print $2}'); then
+ count="ERROR"
+ fi
+ printf "%s" "$count" > "${dir}/${server}"
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ printf "%-${MIDDLE_COLUMNS}s" "$(< "${dir}/${server}")"
+ done
+ state="$(is_consistent "$dir")"
+ printf "%-${LAST_COLUMN}s\n" "$state"
+ if [[ $NAGIOS -eq 1 ]]; then
+ printf "%s\n" "$state" >> "${TMP_DIR}/nagios"
+ fi
+}
+
+groups() {
+ local server="" count="" state=""
+ local dir="${TMP_DIR}/groups"
+
+ mkdir -p "$dir"
+ printf "%-${FIRST_COLUMN}s" "User Groups"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! count=$(query_ldap "cn=groups,cn=accounts,${SUFFIX}" \
+ "(objectClass=ipausergroup)" "dn" "one"); then
+ count="ERROR"
+ else
+ count=$(grep -c "^dn:" <<<"$count" || true)
+ fi
+ printf "%s" "$count" > "${dir}/${server}"
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ printf "%-${MIDDLE_COLUMNS}s" "$(< "${dir}/${server}")"
+ done
+ state="$(is_consistent "$dir")"
+ printf "%-${LAST_COLUMN}s\n" "$state"
+ if [[ $NAGIOS -eq 1 ]]; then
+ printf "%s\n" "$state" >> "${TMP_DIR}/nagios"
+ fi
+}
+
+hosts() {
+ local server="" count="" state=""
+ local dir="${TMP_DIR}/hosts"
+
+ mkdir -p "$dir"
+ printf "%-${FIRST_COLUMN}s" "Hosts"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! count=$(query_ldap "cn=computers,cn=accounts,${SUFFIX}" \
+ "(objectClass=*)" "numSubordinates" "base" \
+ | awk '/numSubordinates: / {print $2}'); then
+ count="ERROR"
+ fi
+ printf "%s" "$count" > "${dir}/${server}"
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ printf "%-${MIDDLE_COLUMNS}s" "$(< "${dir}/${server}")"
+ done
+ state="$(is_consistent "$dir")"
+ printf "%-${LAST_COLUMN}s\n" "$state"
+ if [[ $NAGIOS -eq 1 ]]; then
+ printf "%s\n" "$state" >> "${TMP_DIR}/nagios"
+ fi
+}
+
+hostgroups() {
+ local server="" count="" state=""
+ local dir="${TMP_DIR}/hostgroups"
+
+ mkdir -p "$dir"
+ printf "%-${FIRST_COLUMN}s" "Host Groups"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! count=$(query_ldap "cn=hostgroups,cn=accounts,${SUFFIX}" \
+ "(objectClass=*)" "numSubordinates" "base" \
+ | awk '/numSubordinates: / {print $2}'); then
+ count="ERROR"
+ fi
+ printf "%s" "$count" > "${dir}/${server}"
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ printf "%-${MIDDLE_COLUMNS}s" "$(< "${dir}/${server}")"
+ done
+ state="$(is_consistent "$dir")"
+ printf "%-${LAST_COLUMN}s\n" "$state"
+ if [[ $NAGIOS -eq 1 ]]; then
+ printf "%s\n" "$state" >> "${TMP_DIR}/nagios"
+ fi
+}
+
+hbac_rules() {
+ local server="" count="" state=""
+ local dir="${TMP_DIR}/hbac_rules"
+
+ mkdir -p "$dir"
+ printf "%-${FIRST_COLUMN}s" "HBAC Rules"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! count=$(query_ldap "cn=hbac,${SUFFIX}" \
+ "(ipaUniqueID=*)" "dn" "one"); then
+ count="ERROR"
+ else
+ count=$(grep -c "^dn:" <<<"$count" || true)
+ fi
+ printf "%s" "$count" > "${dir}/${server}"
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ printf "%-${MIDDLE_COLUMNS}s" "$(< "${dir}/${server}")"
+ done
+ state="$(is_consistent "$dir")"
+ printf "%-${LAST_COLUMN}s\n" "$state"
+ if [[ $NAGIOS -eq 1 ]]; then
+ printf "%s\n" "$state" >> "${TMP_DIR}/nagios"
+ fi
+}
+
+sudo_rules() {
+ local server="" count="" first_column="" state=""
+ local dir="${TMP_DIR}/sudo_rules"
+
+ mkdir -p "$dir"
+ printf "%-${FIRST_COLUMN}s" "SUDO Rules"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! count=$(query_ldap "cn=sudorules,cn=sudo,${SUFFIX}" \
+ "(ipaUniqueID=*)" "dn" "one"); then
+ count="ERROR"
+ else
+ count=$(grep -c "^dn:" <<<"$count" || true)
+ fi
+ printf "%s" "$count" > "${dir}/${server}"
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ printf "%-${MIDDLE_COLUMNS}s" "$(< "${dir}/${server}")"
+ done
+ state="$(is_consistent "$dir")"
+ printf "%-${LAST_COLUMN}s\n" "$state"
+ if [[ $NAGIOS -eq 1 ]]; then
+ printf "%s\n" "$state" >> "${TMP_DIR}/nagios"
+ fi
+}
+
+dns_zones() {
+ local server="" count="" state=""
+ local dir="${TMP_DIR}/dns_zones"
+
+ mkdir -p "$dir"
+ printf "%-${FIRST_COLUMN}s" "DNS Zones"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! count=$(query_ldap "cn=dns,${SUFFIX}" \
+ "(objectClass=idnszone)" "dn" "one"); then
+ count="ERROR"
+ else
+ count=$(grep -c "^dn:" <<<"$count" || true)
+ fi
+ printf "%s" "$count" > "${dir}/${server}"
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ printf "%-${MIDDLE_COLUMNS}s" "$(< "${dir}/${server}")"
+ done
+ state="$(is_consistent "$dir")"
+ printf "%-${LAST_COLUMN}s\n" "$state"
+ if [[ $NAGIOS -eq 1 ]]; then
+ printf "%s\n" "$state" >> "${TMP_DIR}/nagios"
+ fi
+}
+
+ldap_conflicts() {
+ local server="" conflicts="" state="" consistent=""
+ local dir="${TMP_DIR}/ldap_conflicts"
+
+ mkdir -p "$dir"
+ printf "%-${FIRST_COLUMN}s" "LDAP Conflicts"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! conflicts=$(query_ldap "${SUFFIX}" "(nsds5ReplConflict=*)" \
+ "nsds5ReplConflict"); then
+ conflicts="ERROR"
+ else
+ if [[ -n "$conflicts" ]]; then
+ conflicts="YES"
+ else
+ conflicts="NO"
+ fi
+ fi
+ printf "%s" "$conflicts" > "${dir}/${server}"
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ printf "%-${MIDDLE_COLUMNS}s" "$(< "${dir}/${server}")"
+ done
+ consistent="$(is_consistent "$dir")"
+ conflicts="$(<"${dir}/${SERVERS[0]}")"
+ if [[ "$consistent" == "OK" && "$conflicts" == "NO" ]]; then
+ state="OK"
+ else
+ state="FAIL"
+ fi
+ printf "%-${LAST_COLUMN}s\n" "$state"
+ if [[ $NAGIOS -eq 1 ]]; then
+ printf "%s\n" "$state" >> "${TMP_DIR}/nagios"
+ fi
+}
+
+anon_bind() {
+ local server="" state=""
+ local dir="${TMP_DIR}/anon_bind"
+
+ mkdir -p "$dir"
+ printf "%-${FIRST_COLUMN}s" "Anonymous BIND"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! state=$(query_ldap "cn=config" "(cn=config)" \
+ "nsslapd-allow-anonymous-access" \
+ | perl -p0e 's/\n //g' \
+ | awk '/nsslapd-allow-anonymous-access: / {print $2}'); then
+ state="ERROR"
+ fi
+ printf "%s" "$state" > "${dir}/${server}"
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ printf "%-${MIDDLE_COLUMNS}s" "$(< "${dir}/${server}")"
+ done
+ state="$(is_consistent "$dir")"
+ printf "%-${LAST_COLUMN}s\n" "$state"
+ if [[ $NAGIOS -eq 1 ]]; then
+ printf "%s\n" "$state" >> "${TMP_DIR}/nagios"
+ fi
+}
+
+replication() {
+ local server="" agreements="" agreement="" state=""
+ local -i i=0 max=0
+ local dir="${TMP_DIR}/replication"
+ local suffix="$(sed -e 's@=@\\3D@g' -e 's@,@\\,@g' <<<"$SUFFIX")"
+
+ mkdir -p "$dir"
+ for server in "${SERVERS[@]}"; do
+ (
+ if ! agreements=$(query_ldap \
+ "cn=replica,cn=${suffix},cn=mapping tree,cn=config" \
+ "nsDS5ReplicaHost" "nsds5replicaLastUpdateStatus" "one" \
+ | perl -p0e 's/\n //g' \
+ | awk '{if ($0 ~ /nsDS5ReplicaHost/) printf("%s",$2); if ($0 ~ /nsds5replicaLastUpdateStatus/) printf(" %s\n",$2)}' \
+ | sed -e "s/\.${DOMAIN}//g"); then
+ state="FAIL"
+ fi
+ for agreement in $agreements; do
+ printf "%s\n" "$agreement" >>"${dir}/${server}"
+ done
+ ) &
+ done
+ wait
+ for server in "${SERVERS[@]}"; do
+ if [[ -r "${dir}/${server}" ]]; then
+ n=$(wc -l < "${dir}/${server}")
+ else
+ n=0
+ fi
+ [[ $n -gt $max ]] && max=$n
+ done
+ for ((i=1; i<=max; i++)); do
+ [[ $i -eq 1 ]] && first_column="Replication Status" || first_column=""
+ printf "%-${FIRST_COLUMN}s" "$first_column"
+ for server in "${SERVERS[@]}"; do
+ if [[ -s "${dir}/${server}" ]]; then
+ line=$(sed -n '1p' "${dir}/${server}")
+ sed -i -e '1d' "${dir}/${server}"
+ else
+ line=""
+ fi
+ printf "%-${MIDDLE_COLUMNS}s" "$line"
+ done
+ printf "\n"
+ done
+}
+
+update_cols() {
+ local -i max=0
+
+ for server in "${SERVERS[@]}"; do
+ server="${server%%.*}"
+ [[ ${#server} -gt $max ]] && max=${#server}
+ done
+ max=$((max+4))
+ if [[ $max -gt $MIDDLE_COLUMNS ]]; then
+ MIDDLE_COLUMNS=$max
+ fi
+}
+
+query_servers() {
+ active_users > "$TMP_DIR/active_users.out" &
+ staged_users > "$TMP_DIR/staged_users.out" &
+ preserved_users > "$TMP_DIR/preserved_users.out" &
+ groups > "$TMP_DIR/groups.out" &
+ hosts > "$TMP_DIR/hosts.out" &
+ hostgroups > "$TMP_DIR/hostgroups.out" &
+ hbac_rules > "$TMP_DIR/hbac_rules.out" &
+ sudo_rules > "$TMP_DIR/sudo_rules.out" &
+ dns_zones > "$TMP_DIR/dns_zones.out" &
+ ldap_conflicts > "$TMP_DIR/ldap_conflicts.out" &
+ anon_bind > "$TMP_DIR/anon_bind.out" &
+ replication > "$TMP_DIR/replication.out" &
+ wait
+}
+
+display_data() {
+ printf "%s\n" "$(< "${TMP_DIR}/active_users.out")"
+ printf "%s\n" "$(< "${TMP_DIR}/staged_users.out")"
+ printf "%s\n" "$(< "${TMP_DIR}/preserved_users.out")"
+ printf "%s\n" "$(< "${TMP_DIR}/groups.out")"
+ printf "%s\n" "$(< "${TMP_DIR}/hosts.out")"
+ printf "%s\n" "$(< "${TMP_DIR}/hostgroups.out")"
+ printf "%s\n" "$(< "${TMP_DIR}/hbac_rules.out")"
+ printf "%s\n" "$(< "${TMP_DIR}/sudo_rules.out")"
+ printf "%s\n" "$(< "${TMP_DIR}/dns_zones.out")"
+ printf "%s\n" "$(< "${TMP_DIR}/ldap_conflicts.out")"
+ printf "%s\n" "$(< "${TMP_DIR}/anon_bind.out")"
+ printf "%s\n" "$(< "${TMP_DIR}/replication.out")"
+}
+
+cleanup() {
+ rm -rf "$TMP_DIR"
+}
+
+nagios_check() {
+ local -i oks=$(grep -c "OK" "${TMP_DIR}/nagios")
+ local -i fails=$(( CHECKS_NO - oks ))
+ local msg=""
+ local -i code=3
+
+ if [[ $fails -ge 0 && $fails -lt $WARNING ]]; then
+ msg="OK"
+ code=0
+ elif [[ $fails -ge $WARNING && $fails -lt $CRITICAL ]]; then
+ msg="WARNING"
+ code=1
+ elif [[ $fails -ge $CRITICAL ]]; then
+ msg="CRITICAL"
+ code=2
+ else
+ msg="UNKNOWN"
+ code=3
+ fi
+ msg="${msg} - ${oks}/${CHECKS_NO} checks passed"
+ printf "%s\n" "$msg"
+ cleanup
+ exit $code
+}
+
+main() {
+ get_opts "$@"
+ check_vars
+ get_pass
+ validate_pass
+ if [[ $NAGIOS -eq 0 ]]; then
+ display_header
+ fi
+ query_servers
+ if [[ $NAGIOS -eq 1 ]]; then
+ nagios_check
+ else
+ display_data
+ hr
+ fi
+ cleanup
+}
+
+main "$@"