Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Unified Diff: check_ssl_cert.sh

Issue 29792596: #3298 - SSL monitoring script for icinga (Closed)
Patch Set: #3298 - SSL monitoring script for icinga Created May 29, 2018, 1:30 p.m.
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: check_ssl_cert.sh
diff --git a/check_ssl_cert.sh b/check_ssl_cert.sh
new file mode 100755
index 0000000000000000000000000000000000000000..307e427332bce90fdac157c79287daa5cee86f6d
--- /dev/null
+++ b/check_ssl_cert.sh
@@ -0,0 +1,94 @@
+#!/bin/sh
+
+# Icinga plugin that checks how many days are left until SSL certificate expires
+# Usage: <PluginDir>/check_ssl_cert -H <HOSTNAME> -P <PORT> -c <CRITICAL> -w <WARNING>
+
+PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
+export PATH
+PROGNAME=`basename $0`
mathias 2018/05/30 08:12:00 What if $0 contains white-space characters?
+PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
mathias 2018/05/30 08:12:00 Isn't there a regular POSIX or Linux command for t
+
+#. $PROGPATH/utils.sh
mathias 2018/05/30 08:12:00 Please avoid "commented-out" lines that do no serv
+
+CURRENT_DATE=`date +%y%m%d`
+HOST=$2
+PORT=$4
+CRITICAL=$6
+WARNING=$8
mathias 2018/05/30 08:12:00 What if any of $2, $4, $6, $8 contain white-space
+
+DAY=`echo | openssl s_client -connect "$HOST":$PORT 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null | awk '{print $2}'`
mathias 2018/05/30 08:12:00 There should be a better way to send non-input to
+
+if [ ! $DAY ]
mathias 2018/05/30 08:11:59 Since you `-connect` to `$HOST:$PORT` multiple tim
+then
+ echo "UNKNOWN - Could not connect to $HOST via port $PORT"
+ exit $STATE_UNKNOWN
+fi
+
+MONTH=`echo | openssl s_client -connect "$HOST":$PORT 2>/dev/null | openssl x509 -noout -enddate | awk '{print $1}' | cut -c 10-`
+YEAR=`echo | openssl s_client -connect "$HOST":$PORT 2>/dev/null | openssl x509 -noout -enddate | awk '{print $4}'`
+
+case $MONTH in
+
+ "Jan")
+ MONTH="01"
+ ;;
+ "Feb")
+ MONTH="02"
+ ;;
+ "Mar")
+ MONTH="03"
+ ;;
+ "Apr")
+ MONTH="04"
+ ;;
+ "May")
+ MONTH="05"
+ ;;
+ "Jun")
+ MONTH="06"
+ ;;
+ "Jul")
+ MONTH="07"
+ ;;
+ "Aug")
+ MONTH="08"
+ ;;
+ "Sep")
+ MONTH="09"
+ ;;
+ "Oct")
+ MONTH="10"
+ ;;
+ "Nov")
+ MONTH="11"
+ ;;
+ "Dec")
+ MONTH="12"
+ ;;
+ "*")
+ echo "An error occured"
+ exit 1
+ ;;
+esac
+
+EXPIRY_DATE_IN_SEC=`date -d $YEAR$MONTH$DAY +%s`
+CURRENT_DATE_IN_SEC=`date -d $CURRENT_DATE +%s`
+DIFF=`expr $EXPIRY_DATE_IN_SEC - $CURRENT_DATE_IN_SEC`
+DIFF=`expr $DIFF / 86400`
+
+if [ $DIFF -le $CRITICAL ]
+then
+ echo "CRITICAL - $HOST: SSL certificate has been expired!"
+ exit $STATE_CRITICAL
mathias 2018/05/30 08:11:59 Where are the $STATE_{CRITICAL,WARNING,OK,UNKNOWN}
+elif [ $DIFF -le $WARNING ] && [ $DIFF -gt $CRITICAL ]
mathias 2018/05/30 08:12:00 You already know at this point that $DIFF is great
+then
+ echo "WARNING - $HOST: SSL certificate will be expired in $DIFF days!"
+ exit $STATE_WARNING
+elif [ $DIFF -gt $WARNING ]
+then
+ echo "OK - $HOST: SSL certificate will be expired in $DIFF days"
+ exit $STATE_OK
+else
+ echo "UNKNOWN - $HOST: Could not retrieve data"
+ exit $STATE_UNKNOWN
+fi
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld