check_ssl_cert.sh - Issue 29792596: #3298 - SSL monitoring script for icinga

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Side by Side Diff: check_ssl_cert.sh

Issue 29792596: #3298 - SSL monitoring script for icinga (Closed)

Patch Set: #3298 - SSL monitoring script for icinga Created May 29, 2018, 1:30 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 #!/bin/sh

	2

	3 # Icinga plugin that checks how many days are left until SSL certificate expires

	4 # Usage: <PluginDir>/check_ssl_cert -H <HOSTNAME> -P <PORT> -c <CRITICAL> -w <WA RNING>

	5

	6 PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"

	7 export PATH

	8 PROGNAME=`basename $0`
	mathias 2018/05/30 08:12:00 What if $0 contains white-space characters? What if $0 contains white-space characters?
	9 PROGPATH=`echo $0 \| sed -e 's,[\\/][^\\/][^\\/]*$,,'`
	mathias 2018/05/30 08:12:00 Isn't there a regular POSIX or Linux command for t Isn't there a regular POSIX or Linux command for that? It should not require a regular expression in the script just to get the directory name.
	10

	11 #. $PROGPATH/utils.sh
	mathias 2018/05/30 08:12:00 Please avoid "commented-out" lines that do no serv Please avoid "commented-out" lines that do no serve a purpose, e.g. in documentation.
	12

	13 CURRENT_DATE=`date +%y%m%d`

	14 HOST=$2

	15 PORT=$4

	16 CRITICAL=$6

	17 WARNING=$8
	mathias 2018/05/30 08:12:00 What if any of $2, $4, $6, $8 contain white-space What if any of $2, $4, $6, $8 contain white-space characters?
	18

	19 DAY=`echo \| openssl s_client -connect "$HOST":$PORT 2>/dev/null \| openssl x509 - noout -enddate 2>/dev/null \| awk '{print $2}'`
	mathias 2018/05/30 08:12:00 There should be a better way to send non-input to There should be a better way to send non-input to the `openssl` command other than pipe-lining an `echo`. You could use input redirection from /dev/null, for example. See https://www.tutorialspoint.com/unix/unix-io-redirections.htm for an introduction.
	20

	21 if [ ! $DAY ]
	mathias 2018/05/30 08:11:59 Since you `-connect` to `$HOST:$PORT` multiple tim Since you `-connect` to `$HOST:$PORT` multiple times during the script, why do you have error handling logic only for the first attempt?
	22 then

	23 echo "UNKNOWN - Could not connect to $HOST via port $PORT"

	24 exit $STATE_UNKNOWN

	25 fi

	26

	27 MONTH=`echo \| openssl s_client -connect "$HOST":$PORT 2>/dev/null \| openssl x509 -noout -enddate \| awk '{print $1}' \| cut -c 10-`

	28 YEAR=`echo \| openssl s_client -connect "$HOST":$PORT 2>/dev/null \| openssl x509 -noout -enddate \| awk '{print $4}'`

	29

	30 case $MONTH in

	31

	32 "Jan")

	33 MONTH="01"

	34 ;;

	35 "Feb")

	36 MONTH="02"

	37 ;;

	38 "Mar")

	39 MONTH="03"

	40 ;;

	41 "Apr")

	42 MONTH="04"

	43 ;;

	44 "May")

	45 MONTH="05"

	46 ;;

	47 "Jun")

	48 MONTH="06"

	49 ;;

	50 "Jul")

	51 MONTH="07"

	52 ;;

	53 "Aug")

	54 MONTH="08"

	55 ;;

	56 "Sep")

	57 MONTH="09"

	58 ;;

	59 "Oct")

	60 MONTH="10"

	61 ;;

	62 "Nov")

	63 MONTH="11"

	64 ;;

	65 "Dec")

	66 MONTH="12"

	67 ;;

	68 "*")

	69 echo "An error occured"

	70 exit 1

	71 ;;

	72 esac

	73

	74 EXPIRY_DATE_IN_SEC=`date -d $YEAR$MONTH$DAY +%s`

	75 CURRENT_DATE_IN_SEC=`date -d $CURRENT_DATE +%s`

	76 DIFF=`expr $EXPIRY_DATE_IN_SEC - $CURRENT_DATE_IN_SEC`

	77 DIFF=`expr $DIFF / 86400`

	78

	79 if [ $DIFF -le $CRITICAL ]

	80 then

	81 echo "CRITICAL - $HOST: SSL certificate has been expired!"

	82 exit $STATE_CRITICAL
	mathias 2018/05/30 08:11:59 Where are the $STATE_{CRITICAL,WARNING,OK,UNKNOWN} Where are the $STATE_{CRITICAL,WARNING,OK,UNKNOWN} variables defined?
	83 elif [ $DIFF -le $WARNING ] && [ $DIFF -gt $CRITICAL ]
	mathias 2018/05/30 08:12:00 You already know at this point that $DIFF is great You already know at this point that $DIFF is greater than $CRITICAL because you already determined above that $DIFF is not less than or equal $CRITICAL.
	84 then

	85 echo "WARNING - $HOST: SSL certificate will be expired in $DIFF days!"

	86 exit $STATE_WARNING

	87 elif [ $DIFF -gt $WARNING ]

	88 then

	89 echo "OK - $HOST: SSL certificate will be expired in $DIFF days"

	90 exit $STATE_OK

	91 else

	92 echo "UNKNOWN - $HOST: Could not retrieve data"

	93 exit $STATE_UNKNOWN

	94 fi

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »