This commit is contained in:
Mateusz Suski
@@ -0,0 +1,161 @@
|
||||
#!/usr/bin/env bash
|
||||
set -o errexit
|
||||
set -o nounset
|
||||
set -o pipefail
|
||||
|
||||
host_name=""
|
||||
port=""
|
||||
count=3
|
||||
timeout_seconds=3
|
||||
|
||||
usage() {
|
||||
cat <<'USAGE'
|
||||
Usage: check_dns_connectivity.sh --host HOST [--port PORT] [--count COUNT] [--timeout SECONDS] [--help]
|
||||
|
||||
Check DNS resolution, ping, optional TCP connectivity, and local route hints.
|
||||
USAGE
|
||||
}
|
||||
|
||||
is_number() {
|
||||
[[ "$1" =~ ^[0-9]+$ ]]
|
||||
}
|
||||
|
||||
while (($# > 0)); do
|
||||
case "$1" in
|
||||
--host) [[ $# -ge 2 ]] || { printf 'CRITICAL: --host requires a value\n'; exit 2; }; host_name="$2"; shift 2 ;;
|
||||
--port) [[ $# -ge 2 ]] || { printf 'CRITICAL: --port requires a value\n'; exit 2; }; port="$2"; shift 2 ;;
|
||||
--count) [[ $# -ge 2 ]] || { printf 'CRITICAL: --count requires a value\n'; exit 2; }; count="$2"; shift 2 ;;
|
||||
--timeout) [[ $# -ge 2 ]] || { printf 'CRITICAL: --timeout requires a value\n'; exit 2; }; timeout_seconds="$2"; shift 2 ;;
|
||||
--help|-h) usage; exit 0 ;;
|
||||
*) printf 'CRITICAL: unknown option: %s\n' "$1"; usage; exit 2 ;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -z "$host_name" ]]; then
|
||||
printf 'CRITICAL: --host is required\n'
|
||||
usage
|
||||
exit 2
|
||||
fi
|
||||
for value in "$count" "$timeout_seconds"; do
|
||||
if ! is_number "$value"; then
|
||||
printf 'CRITICAL: numeric option expected, got: %s\n' "$value"
|
||||
exit 2
|
||||
fi
|
||||
done
|
||||
if [[ -n "$port" ]] && ! is_number "$port"; then
|
||||
printf 'CRITICAL: --port must be numeric\n'
|
||||
exit 2
|
||||
fi
|
||||
if ! command -v getent >/dev/null 2>&1; then
|
||||
printf 'CRITICAL: required command not found: getent\n'
|
||||
exit 2
|
||||
fi
|
||||
|
||||
dns_ok=0
|
||||
ping_ok=0
|
||||
tcp_ok=0
|
||||
tcp_checked=0
|
||||
tcp_note=""
|
||||
ping_output="$(mktemp)"
|
||||
trap 'rm -f "$ping_output"' EXIT
|
||||
|
||||
dns_output="$(getent hosts "$host_name" 2>/dev/null || true)"
|
||||
if [[ -n "$dns_output" ]]; then
|
||||
dns_ok=1
|
||||
fi
|
||||
|
||||
if command -v ping >/dev/null 2>&1; then
|
||||
if ping -c "$count" -W "$timeout_seconds" "$host_name" > "$ping_output" 2>&1; then
|
||||
ping_ok=1
|
||||
fi
|
||||
else
|
||||
printf 'WARNING: ping command not available; ICMP check skipped\n' > "$ping_output"
|
||||
fi
|
||||
|
||||
if [[ -n "$port" ]]; then
|
||||
tcp_checked=1
|
||||
if command -v timeout >/dev/null 2>&1; then
|
||||
if timeout "$timeout_seconds" bash -c ":</dev/tcp/${host_name}/${port}" >/dev/null 2>&1; then
|
||||
tcp_ok=1
|
||||
fi
|
||||
else
|
||||
tcp_note="WARNING: timeout command not available; TCP /dev/tcp check used without external timeout"
|
||||
if bash -c ":</dev/tcp/${host_name}/${port}" >/dev/null 2>&1; then
|
||||
tcp_ok=1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
status="OK"
|
||||
exit_code=0
|
||||
if ((dns_ok == 0)); then
|
||||
status="CRITICAL"
|
||||
exit_code=3
|
||||
elif ((tcp_checked == 1 && tcp_ok == 0)); then
|
||||
status="CRITICAL"
|
||||
exit_code=3
|
||||
elif command -v ping >/dev/null 2>&1 && ((ping_ok == 0)); then
|
||||
status="WARNING"
|
||||
exit_code=1
|
||||
fi
|
||||
|
||||
printf '%s: DNS=%s ping=%s' "$status" "$([[ "$dns_ok" == 1 ]] && printf OK || printf FAILED)" "$([[ "$ping_ok" == 1 ]] && printf OK || printf UNKNOWN_OR_FAILED)"
|
||||
if ((tcp_checked == 1)); then
|
||||
printf ' tcp_%s=%s' "$port" "$([[ "$tcp_ok" == 1 ]] && printf OK || printf FAILED)"
|
||||
fi
|
||||
printf '\n\n'
|
||||
|
||||
printf 'DNS result:\n'
|
||||
if [[ -n "$dns_output" ]]; then
|
||||
printf '%s\n' "$dns_output"
|
||||
else
|
||||
printf 'CRITICAL: getent hosts returned no records for %s\n' "$host_name"
|
||||
fi
|
||||
printf '\n'
|
||||
|
||||
printf 'Ping result:\n'
|
||||
if [[ -s "$ping_output" ]]; then
|
||||
cat "$ping_output"
|
||||
else
|
||||
printf 'WARNING: ping result unavailable or ping command missing\n'
|
||||
fi
|
||||
printf '\n'
|
||||
|
||||
if ((tcp_checked == 1)); then
|
||||
printf 'TCP port result:\n'
|
||||
if ((tcp_ok == 1)); then
|
||||
printf 'OK: TCP connection to %s:%s succeeded\n' "$host_name" "$port"
|
||||
else
|
||||
printf 'CRITICAL: TCP connection to %s:%s failed or timed out\n' "$host_name" "$port"
|
||||
fi
|
||||
if [[ -n "$tcp_note" ]]; then
|
||||
printf '%s\n' "$tcp_note"
|
||||
fi
|
||||
printf '\n'
|
||||
fi
|
||||
|
||||
printf 'Local network hints:\n'
|
||||
if command -v ip >/dev/null 2>&1; then
|
||||
ip route show default 2>/dev/null || printf 'WARNING: unable to read default route\n'
|
||||
elif command -v ss >/dev/null 2>&1; then
|
||||
ss -tuln 2>/dev/null | head -n 20 || printf 'WARNING: unable to read socket summary\n'
|
||||
else
|
||||
printf 'WARNING: ip and ss are unavailable; local network hints skipped\n'
|
||||
fi
|
||||
printf '\n'
|
||||
|
||||
printf 'Evidence:\n'
|
||||
printf 'Host: %s count=%s timeout=%ss port=%s\n' "$host_name" "$count" "$timeout_seconds" "${port:-not checked}"
|
||||
if [[ -n "$tcp_note" ]]; then
|
||||
printf '%s\n' "$tcp_note"
|
||||
fi
|
||||
printf '\n'
|
||||
|
||||
printf 'Recommended next steps:\n'
|
||||
printf -- '- Verify the DNS record and resolver path\n'
|
||||
printf -- '- Check firewall, routing, security group, or proxy policy\n'
|
||||
printf -- '- Compare results from another host or network segment\n'
|
||||
printf -- '- Check application endpoint health after network reachability is confirmed\n'
|
||||
printf -- '- Attach this output to incident ticket\n'
|
||||
|
||||
exit "$exit_code"
|
||||
Reference in New Issue
Block a user