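#!/usr/bin/env bash
#
# Local network / DNS / connectivity triage.
#
# Usage: script [target]
#   target  optional hostname or IP address; when given, remote checks
#           (ping, traceroute, TCP/HTTPS on port 443) are run against it.
#
# Exit status: 0 when no CRITICAL finding was recorded, 1 when at least one
# was, 2 when the target argument is rejected by input validation.

set -o errexit
set -o nounset
set -o pipefail

target="${1:-}"
status=0
warnings=()
criticals=()

# Print a section banner.
section() {
  printf '\n[%s]\n' "$1"
}

# Record and print a non-fatal finding.
warn() {
  warnings+=("$1")
  printf 'WARNING: %s\n' "$1"
}

# Record and print a finding that makes the script exit non-zero.
critical() {
  criticals+=("$1")
  status=1
  printf 'CRITICAL: %s\n' "$1"
}

# Succeed when the named command is resolvable in this shell.
have() {
  command -v "$1" >/dev/null 2>&1
}

# Run "$2..." if command "$1" exists; degrade to a warning otherwise.
run_if_available() {
  local command_name="$1"
  shift
  if have "$command_name"; then
    "$@" || warn "$command_name command failed"
  else
    warn "$command_name command not available"
  fi
}

# Accept only characters that occur in hostnames and IPv4/IPv6 literals, and
# never a leading '-'.
valid_target() {
  local LC_ALL=C # byte-wise ranges, independent of the caller's locale
  local target_re='^[A-Za-z0-9_:][A-Za-z0-9_.:-]*$'
  [[ "$1" =~ $target_re ]]
}

# The target is passed on the command line of getent/nslookup/ping/
# traceroute/nc and is interpolated into a URL for curl. Without this check
# a value beginning with '-' would be parsed as an option by those tools, and
# characters such as '/', '@' or '?' would change which URL curl requests.
# Reject such input up front, before any tool sees it.
if [[ -n "$target" ]] && ! valid_target "$target"; then
  printf 'ERROR: invalid target %q (expected a hostname or IP address)\n' \
    "$target" >&2
  exit 2
fi

section "LOCAL NETWORK"
if have ip; then
  ip addr || warn "ip addr command failed"
  printf '\nRouting table:\n'
  ip route || warn "ip route command failed"
  printf '\nDefault gateway:\n'
  # Query once and inspect the captured text. Piping ip into `grep -q` under
  # pipefail can report a failure when grep exits before ip finishes writing.
  if ! default_route="$(ip route show default)"; then
    critical "default gateway not found"
  else
    if [[ -n "$default_route" ]]; then
      printf '%s\n' "$default_route"
    fi
    if ! grep -q '^default ' <<<"$default_route"; then
      critical "default gateway not configured"
    fi
  fi
else
  warn "ip command not available"
fi

section "INTERFACES"
active_interfaces=0
if have ip; then
  # Capture the listing once. A failing `ip` inside a bare command
  # substitution would abort the whole script under errexit/pipefail before
  # the summary is printed, so the failure is handled explicitly here.
  if link_state="$(ip -br link)"; then
    printf '%s\n' "$link_state"
    active_interfaces="$(awk '$2 == "UP" && $1 != "lo" {count++} END {print count+0}' <<<"$link_state")"
    if (( active_interfaces == 0 )); then
      critical "no active non-loopback interface detected"
    else
      printf 'OK: %s active non-loopback interface(s) detected\n' "$active_interfaces"
    fi
  else
    # The query itself failed, so no count is available; do not report a
    # misleading "no active interface" finding.
    warn "interface state query failed"
  fi
else
  warn "cannot inspect interface state without ip command"
fi

section "DNS"
if [[ -r /etc/resolv.conf ]]; then
  cat /etc/resolv.conf || warn "/etc/resolv.conf not readable"
else
  warn "/etc/resolv.conf not readable"
fi

# NOTE: getent resolves through NSS (typically /etc/hosts before DNS), so a
# success for the default "localhost" does not by itself prove that the
# configured DNS servers answer. Pass a real remote name to exercise DNS.
dns_target="${target:-localhost}"
if have getent; then
  # Single lookup: the result is captured so it can be printed without a
  # second query that could fail and trip errexit.
  if resolved="$(getent hosts "$dns_target" 2>/dev/null)"; then
    printf 'OK: DNS resolution succeeded for %s\n' "$dns_target"
    printf '%s\n' "$resolved"
  else
    critical "DNS resolution failed for ${dns_target}"
  fi
elif have nslookup; then
  if nslookup "$dns_target"; then
    printf 'OK: DNS resolution succeeded for %s\n' "$dns_target"
  else
    critical "DNS resolution failed for ${dns_target}"
  fi
else
  warn "no DNS lookup tool available"
fi

section "CONNECTIVITY"
if [[ -n "$target" ]]; then
  if have ping; then
    if ping -c 3 -W 2 "$target"; then
      printf 'OK: ping succeeded for %s\n' "$target"
    else
      critical "ping failed for ${target}"
    fi
  else
    warn "ping command not available"
  fi

  run_if_available traceroute traceroute "$target"

  # Prefer a plain TCP connect; fall back to an HTTPS HEAD request.
  if have nc; then
    if nc -vz -w 3 "$target" 443; then
      printf 'OK: TCP 443 reachable on %s\n' "$target"
    else
      critical "TCP 443 connectivity failed for ${target}"
    fi
  elif have curl; then
    if curl --head --silent --show-error --connect-timeout 5 "https://${target}" >/dev/null; then
      printf 'OK: HTTPS connectivity succeeded for %s\n' "$target"
    else
      critical "HTTPS connectivity failed for ${target}"
    fi
  else
    warn "no TCP connectivity test tool available (nc or curl)"
  fi
else
  printf 'OK: no target provided; skipped remote connectivity checks\n'
fi

section "PORTS"
if have ss; then
  ss -tuln || warn "ss command failed"
else
  warn "ss command not available"
fi

section "SUMMARY"
if (( ${#criticals[@]} > 0 )); then
  printf 'CRITICAL: %s issue(s) detected\n' "${#criticals[@]}"
fi
if (( ${#warnings[@]} > 0 )); then
  printf 'WARNING: %s warning(s) detected\n' "${#warnings[@]}"
fi
if (( status == 0 )); then
  printf 'OK: no obvious DNS or connectivity problems detected\n'
fi

exit "$status"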