root / plugins / ssl / ssl_ @ 292cfb95
| 1 | e7eb2886 | Lars Kruse | #!/bin/sh |
|---|---|---|---|
| 2 | e2eef65c | Simon Tennant | # -*- sh -*- |
| 3 | |||
| 4 | : << =cut |
||
| 5 | |||
| 6 | =head1 NAME |
||
| 7 | |||
| 8 | ssl_ - Plugin to monitor certificate expiration |
||
| 9 | |||
| 10 | =head1 CONFIGURATION |
||
| 11 | |||
| 12 | This plugin does not normally require configuration. |
||
| 13 | |||
| 14 | To set warning and critical levels, do it like this: |
||
| 15 | |||
| 16 | [ssl_*] |
||
| 17 | env.warning 30: |
||
| 18 | |||
| 19 | =head1 AUTHOR |
||
| 20 | |||
| 21 | Patrick Domack |
||
| 22 | |||
| 23 | Copyright (C) 2013 Patrick Domack <patrickdk@patrickdk.com> |
||
| 24 | |||
| 25 | =head1 LICENSE |
||
| 26 | |||
| 27 | =cut |
||
| 28 | |||
| 29 | e7eb2886 | Lars Kruse | # shellcheck disable=SC1090 |
| 30 | 91fe427b | Olivier Mehani | . "$MUNIN_LIBDIR/plugins/plugin.sh" |
| 31 | e2eef65c | Simon Tennant | |
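# Wildcard plugin: the target is encoded in the name this script is invoked
# under, either ssl_<host> or ssl_<host>_<port>. Without a port, 443 is used.
# Both values are later passed to "openssl s_client -connect", so whoever can
# create links under this name decides which endpoint the node contacts.
ARGS=${0##*ssl_}
case "$ARGS" in
  *_*)
    # Same fields that "cut -d _ -f 1" and "cut -d _ -f 2" would select:
    # the text before the first "_" and the text between the first and
    # second "_". Parameter expansion avoids piping the value through echo.
    SITE=${ARGS%%_*}
    PORT=${ARGS#*_}
    PORT=${PORT%%_*}
    ;;
  *)
    SITE=$ARGS
    PORT=443
    ;;
esac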
| 40 | e2eef65c | Simon Tennant | |
| 41 | e7eb2886 | Lars Kruse | |
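# Read data including a certificate from stdin and print the (fractional)
# number of days left until the expiry of this certificate.
# Input:   stdin - text containing a PEM certificate (in this plugin: the
#          output of "openssl s_client", i.e. content chosen by the peer).
# Output:  days left on stdout; nothing if no certificate marker is present
#          or if the end date could not be extracted or converted.
# Note:    "date --date=" is a GNU date option.
parse_valid_days_from_certificate() {
  local input_data
  local valid_until_string
  local valid_until_epoch
  local now_epoch

  input_data=$(cat)
  # printf instead of echo: the data originates from the remote peer, and
  # some echo implementations interpret backslash sequences or option-like
  # leading text, which could alter it before it is parsed.
  if printf '%s\n' "$input_data" | grep -q -- "-----BEGIN CERTIFICATE-----"; then
    valid_until_string=$(printf '%s\n' "$input_data" | openssl x509 -noout -enddate \
      | grep "^notAfter=" | cut -f 2 -d "=")
    if [ -n "$valid_until_string" ]; then
      valid_until_epoch=$(date --date="$valid_until_string" +%s)
      if [ -n "$valid_until_epoch" ]; then
        now_epoch=$(date +%s)
        # remaining seconds divided by seconds per day; negative once the
        # end date lies in the past
        printf '%s %s\n' "$valid_until_epoch" "$now_epoch" \
          | awk '{ print(($1 - $2) / (24 * 3600)); }'
      fi
    fi
  fi
}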
||
| 64 | |||
| 65 | |||
# Munin "config" request: describe the graph and its single "expire" field,
# then exit before any connection to the monitored site is attempted.
if [ "$1" = "config" ]; then
  printf '%s\n' \
    "graph_title $SITE SSL Certificate Expire" \
    'graph_args --base 1000' \
    'graph_vlabel days left' \
    'graph_category security' \
    "graph_info This graph shows the days left for the certificate being served by $SITE" \
    'expire.label days'
  # Not defined in this file; presumably provided by the sourced plugin.sh
  # to emit the warning/critical thresholds for the field.
  print_warning expire
  print_critical expire

  exit 0
fi
||
| 81 | |||
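# Fetch whatever certificate the peer presents. stdin carries one newline and
# then closes, so s_client is not left waiting for interactive input.
# NOTE(review): the handshake is not aborted on a verification failure (that
# would need -verify_return_error) and the verify result in the output is not
# inspected below, so -CApath does not restrict which certificate gets
# measured: the value reported is the expiry of the served certificate,
# trusted or not.
# NOTE(review): no timeout is applied here; an unresponsive peer blocks this
# call until something outside this script ends it.
cert=$(printf '\n' | openssl s_client -CApath /etc/ssl/certs -servername "${SITE}" -connect "${SITE}:${PORT}" 2>/dev/null)

# printf instead of echo: $cert is peer-supplied text and must reach the
# parser unmodified. An empty result is reported to munin as "U" (unknown).
days_left=$(printf '%s\n' "$cert" | parse_valid_days_from_certificate)
[ -n "$days_left" ] || days_left="U"

printf 'expire.value %s\n' "$days_left"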
