root / plugins / ssl / ssl_ @ eaf6c2d7
Historique | Voir | Annoter | Télécharger (1,47 ko)
| 1 |
#!/bin/bash |
|---|---|
| 2 |
# -*- sh -*- |
| 3 |
|
| 4 |
: << =cut |
| 5 |
|
| 6 |
=head1 NAME |
| 7 |
|
| 8 |
ssl_ - Plugin to monitor certificate expiration |
| 9 |
|
| 10 |
=head1 CONFIGURATION |
| 11 |
|
| 12 |
This plugin does not normally require configuration. |
| 13 |
|
| 14 |
To set warning and critical levels do like this: |
| 15 |
|
| 16 |
[ssl_*] |
| 17 |
env.warning 30: |
| 18 |
|
| 19 |
=head1 AUTHOR |
| 20 |
|
| 21 |
Pactrick Domack |
| 22 |
|
| 23 |
Copyright (C) 2013 Patrick Domack <patrickdk@patrickdk.com> |
| 24 |
|
| 25 |
=head1 LICENSE |
| 26 |
|
| 27 |
=cut |
| 28 |
|
| 29 |
. $MUNIN_LIBDIR/plugins/plugin.sh |
| 30 |
|
| 31 |
ARGS=${0##*ssl_}
|
| 32 |
SITE=${ARGS/_*/}
|
| 33 |
PORT=${ARGS##*_}
|
| 34 |
if [ "$PORT" = "$SITE" ]; then |
| 35 |
PORT=443 |
| 36 |
fi |
| 37 |
|
| 38 |
case $1 in |
| 39 |
config) |
| 40 |
|
| 41 |
echo "graph_title $SITE SSL Certificate Expire" |
| 42 |
echo 'graph_args --base 1000' |
| 43 |
echo 'graph_vlabel days left' |
| 44 |
echo 'graph_category security' |
| 45 |
echo "graph_info This graph shows the days left for the certificate being served by $SITE" |
| 46 |
echo 'expire.label days' |
| 47 |
print_warning expire |
| 48 |
print_critical expire |
| 49 |
|
| 50 |
exit 0 |
| 51 |
;; |
| 52 |
esac |
| 53 |
|
| 54 |
cert=$(echo "" | openssl s_client -CApath /etc/ssl/certs -servername "${SITE}" -connect "${SITE}:${PORT}" 2>/dev/null);
|
| 55 |
|
| 56 |
if [[ "${cert}" = *"-----BEGIN CERTIFICATE-----"* ]]; then
|
| 57 |
echo "${cert}" | openssl x509 -noout -enddate | awk -F= 'BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", month, " "); for (i=1; i<=12; i++) mdigit[month[i]] = i; } /notAfter/ { split($0,a,"="); split(a[2],b," "); split(b[3],time,":"); datetime=b[4] " " mdigit[b[1]] " " b[2] " " time[1] " " time[2] " " time[3]; days=(mktime(datetime)-systime())/86400; print "expire.value " days; }'
|
| 58 |
fi |