diff --git a/nodemgmt-scripts.sh b/nodemgmt-scripts.sh index 132530f4..9fc3c4ff 100755 --- a/nodemgmt-scripts.sh +++ b/nodemgmt-scripts.sh @@ -633,6 +633,7 @@ CHECK-CERTS(){ # /opt/idssys/nodemgmt/ssl-cert-check.sh -f /opt/idssys/nodemgmt/ssldomains -a SERVERFILE=/opt/idssys/nodemgmt/ssldomains + echo 'yes' print_heading echo 'WTF' # IFS=$'\n' diff --git a/ssl-check.sh b/ssl-check.sh index cefd5e5c..e8b632e6 100755 --- a/ssl-check.sh +++ b/ssl-check.sh @@ -23,24 +23,8 @@ QUIET="FALSE" # Don't send E-mail by default (cmdline: -a) ALARM="FALSE" -# Don't run as a Nagios plugin by default (cmdline: -n) -NAGIOS="FALSE" - -# Don't summarize Nagios output by default (cmdline: -N) -NAGIOSSUMMARY="FALSE" - -# NULL out the PKCSDBPASSWD variable for later use (cmdline: -k) -PKCSDBPASSWD="" - -# Type of certificate (PEM, DER, NET) (cmdline: -t) CERTTYPE="pem" -# Protocol version to use (cmdline: -v) -VERSION="" - -# Enable debugging -DEBUG=0 - # Location of system binaries AWK=$(which awk) DATE=$(which date) @@ -81,8 +65,6 @@ else MAILMODE="cantfindit" fi -# Return code used by nagios. Initialize to 0. -RETCODE=0 # Certificate counters and minimum difference. Initialize to 0. SUMMARY_VALID=0 @@ -270,19 +252,6 @@ print_summary(){ fi } -############################################################# -# Purpose: Set returncode to value if current value is lower -# Arguments: -# $1 -> New returncorde -############################################################# -set_returncode() -{ - if [ ${RETCODE} -lt ${1} ] - then - RETCODE=${1} - fi -} - ######################################################################## # Purpose: Set certificate counters and informations for nagios summary # Arguments: @@ -380,11 +349,6 @@ check_server_status() { TLSFLAG="" fi - if [ "${VERSION}" != "" ] - then - VER="-${VERSION}" - fi - if [ "${TLSSERVERNAME}" = "TRUE" ] then TLSFLAG="${TLSFLAG} -servername $1" 
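Review bot: The added `echo 'yes'` in CHECK-CERTS of nodemgmt-scripts.sh reads like leftover debug output, as does the existing `echo 'WTF'` two lines later; both go to stdout around `print_heading` and end up in whatever consumes the certificate report. If a trace is wanted, send it to stderr with a meaningful message, for example `echo 'CHECK-CERTS: starting' >&2`; otherwise drop the line. CHECK-CERTS continues outside the hunk.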
@@ -395,32 +359,26 @@ check_server_status() { if ${GREP} -i "Connection refused" ${ERROR_TMP} > /dev/null then prints ${1} ${2} "Connection refused" "Unknown" - set_returncode 3 elif ${GREP} -i "No route to host" ${ERROR_TMP} > /dev/null then prints ${1} ${2} "No route to host" "Unknown" - set_returncode 3 elif ${GREP} -i "gethostbyname failure" ${ERROR_TMP} > /dev/null then prints ${1} ${2} "Cannot resolve domain" "Unknown" - set_returncode 3 elif ${GREP} -i "Operation timed out" ${ERROR_TMP} > /dev/null then prints ${1} ${2} "Operation timed out" "Unknown" - set_returncode 3 elif ${GREP} -i "ssl handshake failure" ${ERROR_TMP} > /dev/null then prints ${1} ${2} "SSL handshake failed" "Unknown" - set_returncode 3 elif ${GREP} -i "connect: Connection timed out" ${ERROR_TMP} > /dev/null then prints ${1} ${2} "Connection timed out" "Unknown" - set_returncode 3 else check_file_status ${CERT_TMP} $1 $2 @@ -445,7 +403,6 @@ check_file_status() { then echo "ERROR: The file named ${CERTFILE} is unreadable or doesn't exist" echo "ERROR: Please check to make sure the certificate for ${HOST}:${PORT} is valid" - set_returncode 3 return fi 
@@ -527,67 +484,69 @@ check_file_status() { RETCODE_LOCAL=0 fi - set_returncode ${RETCODE_LOCAL} MIN_DATE=$(echo ${CERTDATE} | ${AWK} '{ print $1, $2, $4 }') - set_summary ${RETCODE_LOCAL} ${HOST} ${PORT} "${MIN_DATE}" ${CERTDIFF} + # set_summary ${RETCODE_LOCAL} ${HOST} ${PORT} "${MIN_DATE}" ${CERTDIFF} + + rm -f ${CERT_TMP} ${ERROR_TMP} + } -### Check to make sure a openssl utility is available -if [ ! -f ${OPENSSL} ] -then - echo "ERROR: The openssl binary does not exist in ${OPENSSL}." - echo "FIX: Please modify the \${OPENSSL} variable in the program header." - exit 1 -fi - -### Check to make sure a date utility is available -if [ ! -f ${DATE} ] -then - echo "ERROR: The date binary does not exist in ${DATE} ." - echo "FIX: Please modify the \${DATE} variable in the program header." - exit 1 -fi - -### Check to make sure a grep and find utility is available -if [ ! -f ${GREP} ] || [ ! -f ${FIND} ] -then - echo "ERROR: Unable to locate the greb and find binary." - echo "FIX: Please modify the \${GREP} and \${FIND} variables in the program header." - exit 1 -fi - -### Check to make sure the mktemp and printf utilities are available -if [ ! -f ${MKTEMP} ] || [ ! -f ${PRINTF} ] -then - echo "ERROR: Unable to locate the mktemp or printf binary." - echo "FIX: Please modify the \${MKTEMP} and \${PRINTF} variables in the program header." - exit 1 -fi - -### Check to make sure the sed and awk binaries are available -if [ ! -f ${SED} ] || [ ! -f ${AWK} ] -then - echo "ERROR: Unable to locate the sed or awk binary." - echo "FIX: Please modify the \${SED} and \${AWK} variables in the program header." - exit 1 -fi - -### Check to make sure a mail client is available it automated notifications are requested -if [ "${ALARM}" = "TRUE" ] && [ ! -f ${MAIL} ] -then - echo "ERROR: You enabled automated alerts, but the mail binary could not be found." - echo "FIX: Please modify the ${MAIL} variable in the program header." 
- exit 1 -fi - -# Send along the servername when TLS is used -if ${OPENSSL} s_client -help 2>&1 | grep '-servername' > /dev/null -then - TLSSERVERNAME="TRUE" -else - TLSSERVERNAME="FALSE" -fi +# ### Check to make sure a openssl utility is available +# if [ ! -f ${OPENSSL} ] +# then +# echo "ERROR: The openssl binary does not exist in ${OPENSSL}." +# echo "FIX: Please modify the \${OPENSSL} variable in the program header." +# exit 1 +# fi +# +# ### Check to make sure a date utility is available +# if [ ! -f ${DATE} ] +# then +# echo "ERROR: The date binary does not exist in ${DATE} ." +# echo "FIX: Please modify the \${DATE} variable in the program header." +# exit 1 +# fi +# +# ### Check to make sure a grep and find utility is available +# if [ ! -f ${GREP} ] || [ ! -f ${FIND} ] +# then +# echo "ERROR: Unable to locate the greb and find binary." +# echo "FIX: Please modify the \${GREP} and \${FIND} variables in the program header." +# exit 1 +# fi +# +# ### Check to make sure the mktemp and printf utilities are available +# if [ ! -f ${MKTEMP} ] || [ ! -f ${PRINTF} ] +# then +# echo "ERROR: Unable to locate the mktemp or printf binary." +# echo "FIX: Please modify the \${MKTEMP} and \${PRINTF} variables in the program header." +# exit 1 +# fi +# +# ### Check to make sure the sed and awk binaries are available +# if [ ! -f ${SED} ] || [ ! -f ${AWK} ] +# then +# echo "ERROR: Unable to locate the sed or awk binary." +# echo "FIX: Please modify the \${SED} and \${AWK} variables in the program header." +# exit 1 +# fi +# +# ### Check to make sure a mail client is available it automated notifications are requested +# if [ "${ALARM}" = "TRUE" ] && [ ! -f ${MAIL} ] +# then +# echo "ERROR: You enabled automated alerts, but the mail binary could not be found." +# echo "FIX: Please modify the ${MAIL} variable in the program header." 
+# exit 1 +# fi +# +# # Send along the servername when TLS is used +# if ${OPENSSL} s_client -help 2>&1 | grep '-servername' > /dev/null +# then +# TLSSERVERNAME="TRUE" +# else +# TLSSERVERNAME="FALSE" +# fi # Place to stash temporary files CERT_TMP=$($MKTEMP /var/tmp/cert.XXXXXX) @@ -661,6 +620,5 @@ fi # exit 1 # fi -rm -f ${CERT_TMP} ${ERROR_TMP} exit 0 \ No newline at end of file
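Review bot: The `rm -f ${CERT_TMP} ${ERROR_TMP}` added at the end of check_file_status deletes files that the context line `CERT_TMP=$($MKTEMP /var/tmp/cert.XXXXXX)` shows are created once at top level. Any later check would presumably then write to a known path in /var/tmp that mktemp no longer protects. The early `return` in check_file_status and the error branches of check_server_status never reach this cleanup, and the last hunk removes the final `rm -f`, so those paths leave the files behind. Keeping cleanup in one place would avoid both problems: `trap 'rm -f -- "${CERT_TMP}" "${ERROR_TMP}"' EXIT` right after the temp files are created. Separately, commenting out the `s_client -help` probe leaves TLSSERVERNAME unset unless it is assigned outside this diff, so the `-servername $1` branch is never taken and a name-based host may return its default certificate; set `TLSSERVERNAME="TRUE"` explicitly if the probe is being retired. check_file_status begins outside this hunk.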