Index: check_ssl_cert.sh |
diff --git a/check_ssl_cert.sh b/check_ssl_cert.sh |
new file mode 100755 |
index 0000000000000000000000000000000000000000..307e427332bce90fdac157c79287daa5cee86f6d |
--- /dev/null |
+++ b/check_ssl_cert.sh |
@@ -0,0 +1,94 @@ |
+#!/bin/sh |
+ |
+# Icinga plugin that checks how many days are left until SSL certificate expires |
+# Usage: <PluginDir>/check_ssl_cert -H <HOSTNAME> -P <PORT> -c <CRITICAL> -w <WARNING> |
+ |
+PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" |
+export PATH |
+PROGNAME=`basename $0` |
mathias
2018/05/30 08:12:00
What if $0 contains white-space characters?
|
+PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` |
mathias
2018/05/30 08:12:00
Isn't there a regular POSIX or Linux command for t
|
+ |
+#. $PROGPATH/utils.sh |
mathias
2018/05/30 08:12:00
Please avoid "commented-out" lines that do no serv
|
+ |
+CURRENT_DATE=`date +%y%m%d` |
+HOST=$2 |
+PORT=$4 |
+CRITICAL=$6 |
+WARNING=$8 |
mathias
2018/05/30 08:12:00
What if any of $2, $4, $6, $8 contain white-space
|
+ |
+DAY=`echo | openssl s_client -connect "$HOST":$PORT 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | awk '{print $2}'` |
mathias
2018/05/30 08:12:00
There should be a better way to send non-input to
|
+ |
+if [ ! $DAY ] |
mathias
2018/05/30 08:11:59
Since you `-connect` to `$HOST:$PORT` multiple tim
|
+then |
+ echo "UNKNOWN - Could not connect to $HOST via port $PORT" |
+ exit $STATE_UNKNOWN |
+fi |
+ |
+MONTH=`echo | openssl s_client -connect "$HOST":$PORT 2>/dev/null | openssl x509 -noout -enddate | awk '{print $1}' | cut -c 10-` |
+YEAR=`echo | openssl s_client -connect "$HOST":$PORT 2>/dev/null | openssl x509 -noout -enddate | awk '{print $4}'` |
+ |
+case $MONTH in |
+ |
+ "Jan") |
+ MONTH="01" |
+ ;; |
+ "Feb") |
+ MONTH="02" |
+ ;; |
+ "Mar") |
+ MONTH="03" |
+ ;; |
+ "Apr") |
+ MONTH="04" |
+ ;; |
+ "May") |
+ MONTH="05" |
+ ;; |
+ "Jun") |
+ MONTH="06" |
+ ;; |
+ "Jul") |
+ MONTH="07" |
+ ;; |
+ "Aug") |
+ MONTH="08" |
+ ;; |
+ "Sep") |
+ MONTH="09" |
+ ;; |
+ "Oct") |
+ MONTH="10" |
+ ;; |
+ "Nov") |
+ MONTH="11" |
+ ;; |
+ "Dec") |
+ MONTH="12" |
+ ;; |
+ "*") |
+ echo "An error occured" |
+ exit 1 |
+ ;; |
+esac |
+ |
+EXPIRY_DATE_IN_SEC=`date -d $YEAR$MONTH$DAY +%s` |
+CURRENT_DATE_IN_SEC=`date -d $CURRENT_DATE +%s` |
+DIFF=`expr $EXPIRY_DATE_IN_SEC - $CURRENT_DATE_IN_SEC` |
+DIFF=`expr $DIFF / 86400` |
+ |
+if [ $DIFF -le $CRITICAL ] |
+then |
+ echo "CRITICAL - $HOST: SSL certificate has been expired!" |
+ exit $STATE_CRITICAL |
mathias
2018/05/30 08:11:59
Where are the $STATE_{CRITICAL,WARNING,OK,UNKNOWN}
|
+elif [ $DIFF -le $WARNING ] && [ $DIFF -gt $CRITICAL ] |
mathias
2018/05/30 08:12:00
You already know at this point that $DIFF is great
|
+then |
+ echo "WARNING - $HOST: SSL certificate will be expired in $DIFF days!" |
+ exit $STATE_WARNING |
+elif [ $DIFF -gt $WARNING ] |
+then |
+ echo "OK - $HOST: SSL certificate will be expired in $DIFF days" |
+ exit $STATE_OK |
+else |
+ echo "UNKNOWN - $HOST: Could not retrieve data" |
+ exit $STATE_UNKNOWN |
+fi |