authorjosef <josef@guest119.se-tug.nordu.net>2015-09-01 14:13:26 +0200
committerjosef <josef@guest119.se-tug.nordu.net>2015-09-01 14:13:26 +0200
commite71fab5e9f9a9b0b7a298acec5c85c188f7fe58f (patch)
treef81102067616797ccefe4ff96a23f163ae9e513d /tools/josef_experimental_auditor.py
parent54e38a8c5ac97bffdd1fba995375f8e80727b6e5 (diff)
updates
Diffstat (limited to 'tools/josef_experimental_auditor.py')
-rwxr-xr-xtools/josef_experimental_auditor.py34
1 files changed, 31 insertions, 3 deletions
diff --git a/tools/josef_experimental_auditor.py b/tools/josef_experimental_auditor.py
index b7d3bc6..135bb46 100755
--- a/tools/josef_experimental_auditor.py
+++ b/tools/josef_experimental_auditor.py
@@ -41,9 +41,11 @@ parser = argparse.ArgumentParser(description="")
parser.add_argument('--audit', action='store_true', help="run lightweight auditor verifying consistency in STH")
parser.add_argument('--audit2', action='store_true', help="run medium-weight auditor verifying consistency in STH and inclusion proofs of new entries")
parser.add_argument('--audit3', action='store_true', help="continously run medium-weight auditor verifying consistency in STH and inclusion proofs of new entries")
+parser.add_argument('--audit4', action='store_true', help="run one check on one server")
parser.add_argument('--build-sth', action='store_true', help="get all entries and construct STH")
parser.add_argument('--verify-index', default=None, help="Verify a specific index in all logs" )
# parser.add_argument('--verify-hash', action='store_true', help="Verify an entry hash in all logs" )
+parser.add_argument('--host', default=None, help="Base URL for CT log")
parser.add_argument('--roots', action='store_true', help="Check accepted root certificates for all logs" )
parser.add_argument('--cur-sth',
metavar='file',
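Review bot: The new `--host` option is never read in the hunks shown here; the `--audit4` branch added further down takes `base_urls[0]` instead, so the flag appears to have no effect. Either wire it in or drop it until it is used. If it is wired in, check that the value is a key of `logkeys` before verifying anything, because the audit4 code indexes `logkeys[base_url]` inside a bare `except:` and an unknown host would be reported as a signature failure. The help text could also name the mode it belongs to, e.g. `help="Base URL of the single CT log checked by --audit4"`.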
@@ -111,7 +113,7 @@ def fetch_all_sth():
try:
check_sth_signature(base_url, sths[base_url], logkeys[base_url])
except:
- error_str = time.strftime('%H:%M:%S') + " ERROR: Could not verify signature from " + base_url + "!!!"
+ error_str = time.strftime('%H:%M:%S') + " ERROR: Could not verify signature from " + base_url
print error_str
errors.append(error_str)
continue
@@ -343,10 +345,12 @@ def main(args):
# print time.strftime("%H:%M:%S") + " Starting..."
if args.verify_index is None and not args.build_sth and not args.audit and not args.audit2 \
- and not args.audit3 and not args.verify_hash and not args.roots:
+ and not args.audit3 and not args.audit4 and not args.roots:
print time.strftime('%H:%M:%S') + " Nothing to do."
return
+ elif args.audit4:
+ pass
else:
sth = fetch_all_sth()
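Review bot: The added `elif args.audit4: pass` skips `fetch_all_sth()` for the whole run, not only for the audit4 path, so `sth` is never assigned when `--audit4` is combined with another mode. Later code in `main` such as `verify_inclusion_all(old_sth, sth)` would then presumably fail on an unbound name; the conditions guarding those calls are outside this hunk, so this is inferred. Rejecting the combination up front would make the behaviour explicit, for example `if args.audit4 and (args.audit or args.audit2 or args.audit3 or args.build_sth or args.roots): parser.error("--audit4 cannot be combined with other modes")`. The body of `main` starts and continues outside the hunk.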
@@ -404,7 +408,31 @@ def main(args):
verify_inclusion_all(old_sth, sth)
write_file(args.cur_sth, sth)
-
+ # Experimental for plausible + nagios
+ if args.audit4:
+ base_url = base_urls[0]
+ old_sth = read_sth("plausible-sth.json")
+ print "Running auditor4 for " + base_url
+ try:
+ tmp_sth = get_sth(base_url)
+ except:
+ # sths[base_url] = None
+ error_str = time.strftime('%H:%M:%S') + " ERROR: Failed to retrieve STH from " + base_url
+ print error_str
+ errors.append(error_str)
+ sys.exit(NAGIOS_WARN)
+
+ # Check signature on the STH
+ try:
+ check_sth_signature(base_url, tmp_sth, logkeys[base_url])
+ write_file("plausible-sth.json", tmp_sth)
+ except:
+ error_str = time.strftime('%H:%M:%S') + " ERROR: Could not verify signature from " + base_url
+ print error_str
+ errors.append(error_str)
+ sys.exit(NAGIOS_CRIT)
+ sys.exit(NAGIOS_OK)
+
if __name__ == '__main__':
# try:
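Review bot: `old_sth` is read from `plausible-sth.json` but never compared with `tmp_sth`, so the audit4 path exits `NAGIOS_OK` on any validly signed STH and then overwrites the stored one. A signed STH with a smaller tree size, or one inconsistent with the previous head, would go unnoticed by the monitor. A consistency check between `old_sth` and `tmp_sth` before the write would close that gap. Separately, `write_file("plausible-sth.json", tmp_sth)` sits inside the `try` with a bare `except:`, so a failed write or a missing `logkeys[base_url]` entry is reported as "Could not verify signature". Moving the write after the `try`/`except` and using `except Exception:` would keep the CRIT message accurate.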