voltron/NodeMgmt
1
1
Fork 0
Code Issues Pull Requests Releases 1 Activity

update

Browse Source
This commit is contained in:
David Schroeder
2019-02-10 21:13:10 -06:00
parent 3c0b2cce6c
commit 3db8a2df24
2 changed files with 60 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
nodemgmt-scripts.sh
View File

@@ -633,6 +633,7 @@ CHECK-CERTS(){
# /opt/idssys/nodemgmt/ssl-cert-check.sh -f /opt/idssys/nodemgmt/ssldomains -a # /opt/idssys/nodemgmt/ssl-cert-check.sh -f /opt/idssys/nodemgmt/ssldomains -a
SERVERFILE=/opt/idssys/nodemgmt/ssldomains SERVERFILE=/opt/idssys/nodemgmt/ssldomains
echo 'yes'
print_heading print_heading
echo 'WTF' echo 'WTF'
# IFS=$'\n' # IFS=$'\n'

160
ssl-check.sh
View File

@@ -23,24 +23,8 @@ QUIET="FALSE"
# Don't send E-mail by default (cmdline: -a) # Don't send E-mail by default (cmdline: -a)
ALARM="FALSE" ALARM="FALSE"
# Don't run as a Nagios plugin by default (cmdline: -n)
NAGIOS="FALSE"
# Don't summarize Nagios output by default (cmdline: -N)
NAGIOSSUMMARY="FALSE"
# NULL out the PKCSDBPASSWD variable for later use (cmdline: -k)
PKCSDBPASSWD=""
# Type of certificate (PEM, DER, NET) (cmdline: -t)
CERTTYPE="pem" CERTTYPE="pem"
# Protocol version to use (cmdline: -v)
VERSION=""
# Enable debugging
DEBUG=0
# Location of system binaries # Location of system binaries
AWK=$(which awk) AWK=$(which awk)
DATE=$(which date) DATE=$(which date)
@@ -81,8 +65,6 @@ else
MAILMODE="cantfindit" MAILMODE="cantfindit"
fi fi
# Return code used by nagios. Initialize to 0.
RETCODE=0
# Certificate counters and minimum difference. Initialize to 0. # Certificate counters and minimum difference. Initialize to 0.
SUMMARY_VALID=0 SUMMARY_VALID=0
@@ -270,19 +252,6 @@ print_summary(){
fi fi
} }
#############################################################
# Purpose: Set returncode to value if current value is lower
# Arguments:
# $1 -> New returncorde
#############################################################
set_returncode()
{
if [ ${RETCODE} -lt ${1} ]
then
RETCODE=${1}
fi
}
######################################################################## ########################################################################
# Purpose: Set certificate counters and informations for nagios summary # Purpose: Set certificate counters and informations for nagios summary
# Arguments: # Arguments:
@@ -380,11 +349,6 @@ check_server_status() {
TLSFLAG="" TLSFLAG=""
fi fi
if [ "${VERSION}" != "" ]
then
VER="-${VERSION}"
fi
if [ "${TLSSERVERNAME}" = "TRUE" ] if [ "${TLSSERVERNAME}" = "TRUE" ]
then then
TLSFLAG="${TLSFLAG} -servername $1" TLSFLAG="${TLSFLAG} -servername $1"
@@ -395,32 +359,26 @@ check_server_status() {
if ${GREP} -i "Connection refused" ${ERROR_TMP} > /dev/null if ${GREP} -i "Connection refused" ${ERROR_TMP} > /dev/null
then then
prints ${1} ${2} "Connection refused" "Unknown" prints ${1} ${2} "Connection refused" "Unknown"
set_returncode 3
elif ${GREP} -i "No route to host" ${ERROR_TMP} > /dev/null elif ${GREP} -i "No route to host" ${ERROR_TMP} > /dev/null
then then
prints ${1} ${2} "No route to host" "Unknown" prints ${1} ${2} "No route to host" "Unknown"
set_returncode 3
elif ${GREP} -i "gethostbyname failure" ${ERROR_TMP} > /dev/null elif ${GREP} -i "gethostbyname failure" ${ERROR_TMP} > /dev/null
then then
prints ${1} ${2} "Cannot resolve domain" "Unknown" prints ${1} ${2} "Cannot resolve domain" "Unknown"
set_returncode 3
elif ${GREP} -i "Operation timed out" ${ERROR_TMP} > /dev/null elif ${GREP} -i "Operation timed out" ${ERROR_TMP} > /dev/null
then then
prints ${1} ${2} "Operation timed out" "Unknown" prints ${1} ${2} "Operation timed out" "Unknown"
set_returncode 3
elif ${GREP} -i "ssl handshake failure" ${ERROR_TMP} > /dev/null elif ${GREP} -i "ssl handshake failure" ${ERROR_TMP} > /dev/null
then then
prints ${1} ${2} "SSL handshake failed" "Unknown" prints ${1} ${2} "SSL handshake failed" "Unknown"
set_returncode 3
elif ${GREP} -i "connect: Connection timed out" ${ERROR_TMP} > /dev/null elif ${GREP} -i "connect: Connection timed out" ${ERROR_TMP} > /dev/null
then then
prints ${1} ${2} "Connection timed out" "Unknown" prints ${1} ${2} "Connection timed out" "Unknown"
set_returncode 3
else else
check_file_status ${CERT_TMP} $1 $2 check_file_status ${CERT_TMP} $1 $2
@@ -445,7 +403,6 @@ check_file_status() {
then then
echo "ERROR: The file named ${CERTFILE} is unreadable or doesn't exist" echo "ERROR: The file named ${CERTFILE} is unreadable or doesn't exist"
echo "ERROR: Please check to make sure the certificate for ${HOST}:${PORT} is valid" echo "ERROR: Please check to make sure the certificate for ${HOST}:${PORT} is valid"
set_returncode 3
return return
fi fi
@@ -527,67 +484,69 @@ check_file_status() {
RETCODE_LOCAL=0 RETCODE_LOCAL=0
fi fi
set_returncode ${RETCODE_LOCAL}
MIN_DATE=$(echo ${CERTDATE} | ${AWK} '{ print $1, $2, $4 }') MIN_DATE=$(echo ${CERTDATE} | ${AWK} '{ print $1, $2, $4 }')
set_summary ${RETCODE_LOCAL} ${HOST} ${PORT} "${MIN_DATE}" ${CERTDIFF} # set_summary ${RETCODE_LOCAL} ${HOST} ${PORT} "${MIN_DATE}" ${CERTDIFF}
rm -f ${CERT_TMP} ${ERROR_TMP}
} }
### Check to make sure a openssl utility is available # ### Check to make sure a openssl utility is available
if [ ! -f ${OPENSSL} ] # if [ ! -f ${OPENSSL} ]
then # then
echo "ERROR: The openssl binary does not exist in ${OPENSSL}." # echo "ERROR: The openssl binary does not exist in ${OPENSSL}."
echo "FIX: Please modify the \${OPENSSL} variable in the program header." # echo "FIX: Please modify the \${OPENSSL} variable in the program header."
exit 1 # exit 1
fi # fi
#
### Check to make sure a date utility is available # ### Check to make sure a date utility is available
if [ ! -f ${DATE} ] # if [ ! -f ${DATE} ]
then # then
echo "ERROR: The date binary does not exist in ${DATE} ." # echo "ERROR: The date binary does not exist in ${DATE} ."
echo "FIX: Please modify the \${DATE} variable in the program header." # echo "FIX: Please modify the \${DATE} variable in the program header."
exit 1 # exit 1
fi # fi
#
### Check to make sure a grep and find utility is available # ### Check to make sure a grep and find utility is available
if [ ! -f ${GREP} ] || [ ! -f ${FIND} ] # if [ ! -f ${GREP} ] || [ ! -f ${FIND} ]
then # then
echo "ERROR: Unable to locate the greb and find binary." # echo "ERROR: Unable to locate the greb and find binary."
echo "FIX: Please modify the \${GREP} and \${FIND} variables in the program header." # echo "FIX: Please modify the \${GREP} and \${FIND} variables in the program header."
exit 1 # exit 1
fi # fi
#
### Check to make sure the mktemp and printf utilities are available # ### Check to make sure the mktemp and printf utilities are available
if [ ! -f ${MKTEMP} ] || [ ! -f ${PRINTF} ] # if [ ! -f ${MKTEMP} ] || [ ! -f ${PRINTF} ]
then # then
echo "ERROR: Unable to locate the mktemp or printf binary." # echo "ERROR: Unable to locate the mktemp or printf binary."
echo "FIX: Please modify the \${MKTEMP} and \${PRINTF} variables in the program header." # echo "FIX: Please modify the \${MKTEMP} and \${PRINTF} variables in the program header."
exit 1 # exit 1
fi # fi
#
### Check to make sure the sed and awk binaries are available # ### Check to make sure the sed and awk binaries are available
if [ ! -f ${SED} ] || [ ! -f ${AWK} ] # if [ ! -f ${SED} ] || [ ! -f ${AWK} ]
then # then
echo "ERROR: Unable to locate the sed or awk binary." # echo "ERROR: Unable to locate the sed or awk binary."
echo "FIX: Please modify the \${SED} and \${AWK} variables in the program header." # echo "FIX: Please modify the \${SED} and \${AWK} variables in the program header."
exit 1 # exit 1
fi # fi
#
### Check to make sure a mail client is available it automated notifications are requested # ### Check to make sure a mail client is available it automated notifications are requested
if [ "${ALARM}" = "TRUE" ] && [ ! -f ${MAIL} ] # if [ "${ALARM}" = "TRUE" ] && [ ! -f ${MAIL} ]
then # then
echo "ERROR: You enabled automated alerts, but the mail binary could not be found." # echo "ERROR: You enabled automated alerts, but the mail binary could not be found."
echo "FIX: Please modify the ${MAIL} variable in the program header." # echo "FIX: Please modify the ${MAIL} variable in the program header."
exit 1 # exit 1
fi # fi
#
# Send along the servername when TLS is used # # Send along the servername when TLS is used
if ${OPENSSL} s_client -help 2>&1 | grep '-servername' > /dev/null # if ${OPENSSL} s_client -help 2>&1 | grep '-servername' > /dev/null
then # then
TLSSERVERNAME="TRUE" # TLSSERVERNAME="TRUE"
else # else
TLSSERVERNAME="FALSE" # TLSSERVERNAME="FALSE"
fi # fi
# Place to stash temporary files # Place to stash temporary files
CERT_TMP=$($MKTEMP /var/tmp/cert.XXXXXX) CERT_TMP=$($MKTEMP /var/tmp/cert.XXXXXX)
@@ -661,6 +620,5 @@ fi
# exit 1 # exit 1
# fi # fi
rm -f ${CERT_TMP} ${ERROR_TMP}
exit 0 exit 0