root / plugins / ssl / certificate_file_expiry @ f6ea58d5
| 1 | d6d5fa80 | Andreas Perhab | #!/bin/sh |
|---|---|---|---|
| 2 | : << =cut |
||
| 3 | =head1 NAME |
||
| 4 | |||
| 5 | 4e7c45fd | RenWal | certificate_file_expiry - check the certificate validity of your certificates |
| 6 | d6d5fa80 | Andreas Perhab | |
| 7 | =head1 CONFIGURATION |
||
| 8 | |||
| 9 | Installing: Add the list of your certificates, each prefixed by its type, to munin plugin-conf.d |
||
| 10 | |||
| 11 | For openvpn ca.crt and crl.pem |
||
| 12 | 09b88141 | Lars Kruse | |
| 13 | [certificate_file_expiry] |
||
| 14 | user root |
||
| 15 | env.CERTS crl:/etc/openvpn/easy-rsa/keys/crl.pem x509:/etc/openvpn/easy-rsa/keys/ca.crt |
||
| 16 | d6d5fa80 | Andreas Perhab | |
| 17 | 8713eb37 | Lars Kruse | For letsencrypt certificates |
| 18 | 09b88141 | Lars Kruse | |
| 19 | [certificate_file_expiry] |
||
| 20 | user root |
||
| 21 | env.CERTS x509:/etc/letsencrypt/live/domain1.example.com/cert.pem x509:/etc/letsencrypt/live/domain2.example.com/cert.pem |
||
| 22 | |||
| 23 | Warning and Critical levels can also be configured with env variables like this: |
||
| 24 | |||
| 25 | [certificate_file_expiry] |
||
| 26 | ... |
||
| 27 | # warn when certificate will be invalid within 5 days |
||
| 28 | env.warning 5: |
||
| 29 | # critical when certificate will be invalid within 1 day |
||
| 30 | env.critical 1: |
||
| 31 | d6d5fa80 | Andreas Perhab | |
| 32 | =head1 Dependencies |
||
| 33 | |||
| 34 | Dependencies: openssl |
||
| 35 | |||
| 36 | =head1 AUTHOR |
||
| 37 | |||
| 38 | 09b88141 | Lars Kruse | andreas perhab - andreas.perhab@wt-io-it.at (https://www.wt-io-it.at/) |
| 39 | d6d5fa80 | Andreas Perhab | |
| 40 | =head1 LICENSE |
||
| 41 | |||
| 42 | GPLv2 |
||
| 43 | |||
| 44 | =cut |
||
| 45 | |||
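# Load munin's shell helper library. clean_fieldname, print_warning and
# print_critical used below are not defined in this file and are expected to
# come from it.
. "$MUNIN_LIBDIR/plugins/plugin.sh"

if [ "$1" = "config" ] ; then
    echo "graph_title Certificate validity"
    echo "graph_args --logarithmic --base 1000"
    echo "graph_vlabel certificate validity in days"
    echo "graph_category security"
fi

now=$(date +%s)
# Default thresholds in days (see CONFIGURATION above): warn below 5 days,
# critical below 1 day. Presumably consumed by print_warning/print_critical.
warning=${warning:-5:}
critical=${critical:-1:}

# CERTS is intentionally left unquoted: it is a whitespace-separated list of
# "type:path" entries and relies on word splitting.
for cert in ${CERTS}; do
    # Split at the FIRST colon so that a path containing ':' stays intact and
    # the type is never contaminated with part of the path.
    cert_type=${cert%%:*}
    cert_file=${cert#*:}
    cert_name=$(clean_fieldname "$cert_file")
    if [ "$1" = "config" ] ; then
        echo "${cert_name}.label ${cert_file}"
        print_warning "$cert_name"
        print_critical "$cert_name"
    elif [ "$1" = "" ] ; then
        # cert_type becomes the openssl subcommand, and the documented setup
        # runs this plugin as root, so accept only the two documented types
        # instead of handing an arbitrary word to openssl.
        case "$cert_type" in
            x509) date_option=-enddate ;;
            crl)  date_option=-nextupdate ;;
            *)
                echo "certificate_file_expiry: unsupported type '${cert_type}' for ${cert_file}" >&2
                echo "${cert_name}.value U"
                continue
                ;;
        esac

        # Ask openssl for the single date field ("notAfter=..." or
        # "nextUpdate=...") rather than grepping the full -text dump, where
        # other fields of the file could contain the same words.
        validity=$(/usr/bin/openssl "$cert_type" -noout "$date_option" -in "$cert_file")
        validity=${validity#*=}

        # An empty string makes GNU date return today's midnight, which would
        # turn an unreadable or unparsable file into a plausible-looking value.
        # Report munin's unknown value "U" and say why on stderr instead.
        # NOTE(review): confirm that unknown values raise an alert in your
        # munin-limits setup; previously this case produced a value below the
        # critical threshold.
        if [ -z "$validity" ] || ! expiry=$(date --date="$validity" +%s 2>/dev/null); then
            echo "certificate_file_expiry: cannot determine expiry of ${cert_file}" >&2
            echo "${cert_name}.value U"
            continue
        fi

        # Remaining lifetime in seconds, converted to (fractional) days.
        remaining=$((expiry - now))
        validity=$(awk -v s="$remaining" 'BEGIN { print (s / 86400) }')
        echo "${cert_name}.value $validity"
    fi
done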
