Projet

Général

Profil

Révision fea81596

IDfea81596ebc436e44963c7aece7aa6a908033b2b
Parent fd2fb560
Enfant 16d38264

Ajouté par Andreas Perhab il y a presque 4 ans

certificate_file_expiry: optional logarithmic view for long lived certs

logarithmic was removed in d885a314ade7c1287237d61f4d2b1f24db509533
but still has it's benefits for openvpn CA and CRL certs. when enabling
logarithmic we keep the SI units now instead of rrdtools default
scientific notation.

Voir les différences:

plugins/ssl/certificate_file_expiry
13 13 
 [certificate_file_expiry]
14 14 
 user root
15 15 
 env.CERTS crl:/etc/openvpn/easy-rsa/keys/crl.pem x509:/etc/openvpn/easy-rsa/keys/ca.crt
16 
 env.LOGARITHMIC yes
16 17 

  		




  17
  18
  
    
For letsencrypt certificates


  		




  18
  19
  
    

  		




  ......




  26
  27
  
    
 ...


  		




  27
  28
  
    
 # warn when certificate will be invalid within 5 days


  		




  28
  29
  
    
 env.warning 5:


  		




  
  30
  
    
 # for this certificate warn us 10 days before because it takes longer to renew


  		




  
  31
  
    
 env._etc_letsencrypt_live_example_com_cert_pem_warning 10:


  		




  29
  32
  
    
 # critical when certificate will be invalid within 1 day


  		




  30
  33
  
    
 env.critical 1:


  		




  31
  34
  
    

  		




  ......




  35
  38
  
    
(e.g. /etc/letsencrypt/live/*/cert.pem).


  		




  36
  39
  
    

  		




  37
  40
  
    
env.warning and env.critical are configurable values for the warning and critical levels according to


  		




  38
  
  
    
http://munin-monitoring.org/wiki/fieldname.warning and http://munin-monitoring.org/wiki/fieldname.critical


  		




  
  41
  
    
http://guide.munin-monitoring.org/en/latest/tutorial/alert.html?highlight=warning#syntax-of-warning-and-critical


  		




  
  42
  
    

  		




  
  43
  
    
env.LOGARITHMIC "yes" enables the logarithmic display of values which is useful if some of your certs are relatively


  		




  
  44
  
    
long lived in respect to the warning level. e.g. a ca.crt that is valid for 10 years together with a crl.pem that is


  		




  
  45
  
    
valid for only a few months combined with warning levels of 5 days. default is "yes" to disable set it to "no".


  		




  39
  46
  
    

  		




  40
  47
  
    
=head1 Dependencies


  		




  41
  48
  
    

  		




  ......




  53
  60
  
    

  		




  54
  61
  
    
. "$MUNIN_LIBDIR/plugins/plugin.sh"


  		




  55
  62
  
    

  		




  
  63
  
    
LOGARITHMIC=${LOGARITHMIC:-yes}


  		




  
  64
  
    

  		




  56
  65
  
    
if [ "$1" = "config" ] ; then


  		




  57
  66
  
    
  echo "graph_title Certificate validity"


  		




  58
  
  
    
  echo "graph_args --base 1000"


  		




  
  67
  
    
  if [ "$LOGARITHMIC" = "yes" ] ; then


  		




  
  68
  
    
    graph_args="--logarithmic --units=si"


  		




  
  69
  
    
  fi


  		




  
  70
  
    
  echo "graph_args --base 1000 $graph_args"


  		




  59
  71
  
    
  echo "graph_vlabel days"


  		




  60
  72
  
    
  echo "graph_category security"


  		




  61
  73
  
    
fi


  		




  62
  74
  
    

  		




  63
  75
  
    
now=$(date +%s)


  		




  64
  
  
    
warning=${warning:-5:}


  		




  65
  
  
    
critical=${critical:-1:}


  		




  66
  76
  
    
for cert in ${CERTS}; do


  		




  67
  77
  
    
  cert_type=${cert%:*}


  		




  68
  78
  
    
  cert_pattern=${cert#*:}


  		












Formats disponibles :  Unified diff