#!/usr/bin/perl
# Written By Assaf Flatto	
# description: Checks the emails in the OSSEC mail box and reports of emails in severity >10

use strict;
use lib "/usr/local/nagios/libexec";
use warnings;
use Mail::IMAPClient;
use DateTime::Format::Mail;
use DateTime ;
use utils qw(&print_revision %ERRORS) ;
use Getopt::Long;
use vars qw($opt_V $opt_h $opt_H $opt_u $opt_t $opt_p $VERSION $PROGNAME $alert);

# Command-line parsing.
# None of the specs below carries a value specifier (such as "=s"), so
# Getopt::Long treats every option -- including -H/-u/-p/-t -- as a boolean
# flag.  The words typed after those flags are therefore not consumed here;
# they stay in @ARGV for the code further down, which reads them by position.
Getopt::Long::Configure('bundling');
GetOptions(
    'V|version'  => \$opt_V,
    'h|help'     => \$opt_h,
    'H|host'     => \$opt_H,
    'u|username' => \$opt_u,
    'p|password' => \$opt_p,
    't|time'     => \$opt_t,
);

# Plugin identity, used in the help and version output.
$PROGNAME = "check_ossec_mails";
$VERSION  = 0.1;

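# Print the usage text and exit with the Nagios UNKNOWN status.
#
# Takes no arguments and never returns: the last statement is exit().
#
# NOTE(review): the mailbox password is supplied as a command-line argument,
# so it is visible in the process list for as long as the check runs, and
# presumably also in the Nagios command definition that invokes it.  Use a
# dedicated, read-only mailbox account and restrict access to that config.
sub print_help () {
    print "Usage:\n";
    print "  $PROGNAME :Checks the emails in the OSSEC mail box and reports of emails in severity >10 \n";
    print "  -h , --help : Display this help data \n";
    print "\n";
    print " $PROGNAME takes the following parameters :\n";
    print " \t-H , --host : The Mail Server FQDN or IP address \n";
    print " \t-u , --username : the mailbox access username \n";
    print " \t-p , --password : Mailbox Password \n";
    print " \t-t , --time : the time interval (in minutes) to check for the alerts\n";
    print " \n";
    print " Execution format :\n";
    print " $PROGNAME -H <host> -u <username> -p <password> -t <time-interval> \n";
    # The script reads these four values from @ARGV by position, so a
    # different order would hand e.g. the password to the wrong field.
    print " (the four values are read by position, so keep this order) \n";
    print " \n";
    print "Copyright (c) 2009 Assaf Flatto\n\n";
    exit $ERRORS{'UNKNOWN'};
}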
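# Main flow of the check: handle -V/-h, read the connection parameters,
# log in to the mailbox, and scan recent messages for OSSEC alerts of
# level 10 or higher.
#
# Every exit path prints exactly one status line and uses a Nagios exit code
# from %ERRORS, so Nagios never sees an empty result or an out-of-range code.

# Show version
if ($opt_V) {
    print "$PROGNAME $VERSION \n";
    exit $ERRORS{'UNKNOWN'};
}

# Show help (print_help() exits on its own; the exit below is a safety net)
if ($opt_h) {
    print_help();
    exit $ERRORS{'UNKNOWN'};
}

# GetOptions declares -H/-u/-p/-t without a value specifier, so the words
# typed after them are still in @ARGV, in the order they were given:
# host, username, password, time interval.
print_help() unless $ARGV[0];
($opt_H, $opt_u, $opt_p, $opt_t) = @ARGV[0 .. 3];

my $client;

# Print one status line, close the IMAP session if there is one, and exit
# with the matching Nagios code.
my $finish = sub {
    my ($state, $line) = @_;
    print $line;
    $client->logout() if $client;
    exit $ERRORS{$state};
};

unless (defined $opt_u && defined $opt_p) {
    $finish->('UNKNOWN', "OSSEC Unknown : username and password are required \n");
}

# An undefined or non-numeric interval would silently become a zero-length
# window, and the check would then report OK without looking at anything.
unless (defined $opt_t && $opt_t =~ /\A[0-9]+\z/ && $opt_t > 0) {
    $finish->('UNKNOWN', "OSSEC Unknown : time interval must be a positive number of minutes \n");
}

# NOTE(review): neither Ssl nor Starttls is requested here, so the login
# presumably travels over plain IMAP.  Confirm what the server offers and
# enable one of the two unless the mailbox is only reachable locally.
$client = Mail::IMAPClient->new(
    Server   => $opt_H,
    User     => $opt_u,
    Password => $opt_p,
);
unless ($client) {
    $finish->('UNKNOWN', "OSSEC Unknown : IMAP connection failed: $@ \n");
}

# A failed login must not fall through to the scan: report it explicitly.
unless ($client->IsAuthenticated()) {
    $finish->('UNKNOWN', "OSSEC Unknown : IMAP login failed \n");
}

unless ($client->select("Inbox")) {
    $finish->('UNKNOWN', "OSSEC Unknown : Could not select: $@ \n");
}

# Start of the time window.  IMAP SINCE compares dates only (the time of day
# is ignored), so every hit is re-checked against $end below.
my $end   = time() - ($opt_t * 60);
my @msgct = grep { defined } $client->since($end);

unless (@msgct) {
    $finish->('UNKNOWN', "OSSEC Unknown : Array Empty - Problems detected  \n");
}

my $pf         = DateTime::Format::Mail->new();
my $unreadable = 0;

# Walk the hits newest first.
foreach my $msg (reverse @msgct) {
    my $stamp = $client->date($msg);

    # parse_datetime() dies on a malformed Date header; keep that from
    # aborting the plugin.  A message whose date cannot be read is treated
    # as inside the window, so it is still inspected rather than skipped.
    my $epoch = defined $stamp
        ? eval { $pf->parse_datetime($stamp)->epoch }
        : undef;

    # First message older than the window ends the scan.  This assumes the
    # mailbox order follows the Date headers, as the original code did.
    last if defined $epoch && $epoch < $end;

    $alert = $client->get_header($msg, "Subject");
    unless (defined $alert) {
        $unreadable++;
        next;
    }

    # Compare the level numerically.  Matching only the literal strings
    # "Alert level 10", "11" and "12" let the highest OSSEC levels (13 and
    # above) pass as OK.
    if ($alert =~ /Alert level (\d+)/ && $1 >= 10) {
        # The subject is taken from the mail itself.  Replace '|' and
        # control characters so Nagios cannot read part of it as
        # performance data or as additional output lines.
        (my $shown = $alert) =~ s/[|\x00-\x1f\x7f]+/ /g;
        $finish->('CRITICAL', "OSSEC ALERT : Critical Alerts detected $shown \n");
    }
}

# Messages that could not be classified must not be reported as a clean run.
if ($unreadable) {
    $finish->('UNKNOWN', "OSSEC Unknown : $unreadable message(s) in the window had no readable Subject \n");
}

# Reached when no message in the window carried a level >= 10, including the
# case where every hit was inside the window (which previously produced no
# output at all).
$finish->('OK', "OK : No Critical OSSEC Alerts found  \n");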