root / plugins / ssl / ssl_ @ 8542c092
Historique | Voir | Annoter | Télécharger (2,24 ko)
| 1 |
#!/bin/sh |
|---|---|
| 2 |
# -*- sh -*- |
| 3 |
|
| 4 |
: << =cut |
| 5 |
|
| 6 |
=head1 NAME |
| 7 |
|
| 8 |
ssl_ - Plugin to monitor certificate expiration |
| 9 |
|
| 10 |
=head1 CONFIGURATION |
| 11 |
|
| 12 |
This plugin does not normally require configuration. |
| 13 |
|
| 14 |
To set warning and critical levels do like this: |
| 15 |
|
| 16 |
[ssl_*] |
| 17 |
env.warning 30: |
| 18 |
env.max_time 5 |
| 19 |
|
| 20 |
=head1 AUTHOR |
| 21 |
|
| 22 |
Pactrick Domack |
| 23 |
|
| 24 |
Copyright (C) 2013 Patrick Domack <patrickdk@patrickdk.com> |
| 25 |
|
| 26 |
=head1 LICENSE |
| 27 |
|
| 28 |
=cut |
| 29 |
|
| 30 |
# shellcheck disable=SC1090 |
| 31 |
. "$MUNIN_LIBDIR/plugins/plugin.sh" |
| 32 |
|
| 33 |
ARGS=${0##*ssl_}
|
| 34 |
if echo "$ARGS" | grep -q "_"; then |
| 35 |
SITE=$(echo "$ARGS" | cut -f 1 -d "_") |
| 36 |
PORT=$(echo "$ARGS" | cut -f 2 -d "_") |
| 37 |
else |
| 38 |
SITE=$ARGS |
| 39 |
PORT=443 |
| 40 |
fi |
| 41 |
|
| 42 |
|
| 43 |
# Read data including a certificate from stdin and output the (fractional) number of days left |
| 44 |
# until the expiry of this certificate. The output is empty if parsing failed. |
| 45 |
parse_valid_days_from_certificate() {
|
| 46 |
local input_data |
| 47 |
local valid_until_string |
| 48 |
local valid_until_epoch |
| 49 |
local now_epoch |
| 50 |
local input_data |
| 51 |
input_data=$(cat) |
| 52 |
if echo "$input_data" | grep -q -- "-----BEGIN CERTIFICATE-----"; then |
| 53 |
valid_until_string=$(echo "$input_data" | openssl x509 -noout -enddate \ |
| 54 |
| grep "^notAfter=" | cut -f 2 -d "=") |
| 55 |
if [ -n "$valid_until_string" ]; then |
| 56 |
valid_until_epoch=$(date --date="$valid_until_string" +%s) |
| 57 |
if [ -n "$valid_until_epoch" ]; then |
| 58 |
now_epoch=$(date +%s) |
| 59 |
# calculate the number of days left |
| 60 |
echo "$valid_until_epoch" "$now_epoch" | awk '{ print(($1 - $2) / (24 * 3600)); }'
|
| 61 |
fi |
| 62 |
fi |
| 63 |
fi |
| 64 |
} |
| 65 |
|
| 66 |
|
| 67 |
case $1 in |
| 68 |
config) |
| 69 |
|
| 70 |
echo "graph_title $SITE SSL Certificate Expire" |
| 71 |
echo 'graph_args --base 1000' |
| 72 |
echo 'graph_vlabel days left' |
| 73 |
echo 'graph_category security' |
| 74 |
echo "graph_info This graph shows the days left for the certificate being served by $SITE" |
| 75 |
echo 'expire.label days' |
| 76 |
print_warning expire |
| 77 |
print_critical expire |
| 78 |
|
| 79 |
exit 0 |
| 80 |
;; |
| 81 |
esac |
| 82 |
|
| 83 |
cert=$(timeout "${max_time:-5}" openssl s_client -CApath /etc/ssl/certs -servername "${SITE}" -connect "${SITE}:${PORT}" 2>/dev/null < /dev/null);
|
| 84 |
|
| 85 |
days_left=$(echo "$cert" | parse_valid_days_from_certificate) |
| 86 |
[ -n "$days_left" ] || days_left="U" |
| 87 |
|
| 88 |
printf 'expire.value %s\n' "$days_left" |